OWASP Global Connector August 1, 2013

Kate Hartmann kate.hartmann at owasp.org
Thu Aug 1 13:21:17 UTC 2013

 OWASP Global Connector August 1, 2013


OWASP PHP Security Project (https://www.owasp.org/index.php/OWASP_PHP_Security_Project)

The OWASP PHP Security Project was developed to gather secure PHP libraries, and to provide a full featured framework of libraries for secure web applications in PHP.  The project aims to separate de-coupled libraries, and develop a while secure web application framework.  Many aspects of this project have been developed, and are being added to the OWASP project wiki page.  If you would like to contribute, please visit the OWASP PHP Security Project GitHub Repository (https://github.com/owasp/phpsec/), or contact Project Leader Abbas Naderi (mailto:Abbas.Naderi at owasp.org) for more information.


OWASP WebSandBox Project (https://www.owasp.org/index.php/OWASP_WebSandBox_Project)

This project is a  Web Sandbox written purely in Perl, similar to Fogger.  The WebSandBox Project is a sandbox web application that uses javascript v8, and it also uses Webkit to act as the browser.  The tool is also useful for web testing with Pharos proxy or ZAP, and for getting results only for the sandboxed site.  For more information, please contact the project leader Greg Disney (mailto:greg.disney at owasp.org).

OWASP Dependency Track Project (https://www.owasp.org/index.php/OWASP_Dependency_Track_Project)

Dependency-Track is a Java web application that allows organizations to document the use of third-party components across multiple applications and versions.  For more information, please contact the project leader, Steve Springett (mailto:Steve.Springett at owasp.org)

OWASP Security Principles Project (https://www.owasp.org/index.php/OWASP_Security_Principles_Project)

Legacy The idea is to distil the fundamentals of security into a set of concise principles that must be present in any system through out the requirements, architecture, development, testing and implementation of a system.  Please visit the OWASP Security Principles Project GitHub (http://owasp.github.io/Security-Principles/) website for the list.  For more information, please contact the project leader, Dennis Groves (mailto:dennis.groves at owasp.org).


OWASP Periodic Table of Vulnerabilities:  Open Comment Phase (OWASP Periodic Table of Vulnerabilities:  Open Comment Phase)

The Would you like to eliminate web application vulnerabilities forever?  The OWASP Periodic Table project is designed to help do just that!  The project is currently in the open comment phase.  We need your help to make sure we have prescribed the right mix of solutions, and the project meets the high standards of quality you have come to expect from OWASP.  Please use the survey link below to guide you through the project materials and collect your feedback.  You can find the survey here (https://www.surveymonkey.com/s/periodic_table_open_comment_review).  If you need more information on the project, please contact the project leader, James Landis (mailto:james.landis at owasp.org).

OWASP Testing Guide Project:  Contributors Wanted (https://www.owasp.org/index.php/OWASP_Testing_Project)

The OWASP Testing Guide Project is currently in need of authors to complete the next version of the guide.  Co-Project leaders, Andrew Muller (mailto:andrew.muller at owasp.org) and Matteo Meucci (mailto:matteo.meucci at owasp.org), are looking for experienced writers and reviewers to help complete this project.  Many of the main tasks required for release are now complete, so now we're focused on a sprint to release.  For this we need your help.  We're asking OWASP leaders to help us find and revive contributors with the time, expertise, and most importantly, commitment to complete the writing of Testing Guide articles.  So, if you've worked on the Dev or Code Review Guide, we could also use our help.  Please reach out to Andrew (mailto:Andrew.Muller at owasp.org) and Matteo (mailto:Matteo.meucci at owasp.org) if you are interested.

OWASP Women in AppSec News!

We are happy to report that the Women in AppSec Program (http://appsecusa.org/2013/activities/owasp-women-in-application-security-appsec-program/) has reached is fundraising goal for the year.  Thank you to our wonderful sponsors, iSEC Partners (https://www.isecpartners.com/), the OWASP Boston (https://owasp.org/index.php/Boston), OWASP Long Island (https://owasp.org/index.php/Long_Island), OWASP Dublin (https://owasp.org/index.php/Ireland-Dublin), and OWASP MSP Chapters (https://owasp.org/index.php/Minneapolis_St_Paul).
As a result, the Women in AppSec Call for Applicants is now open.  Apply if your are a female student at either the undergraduate or graduate level, an instructor, or a professional working woman who is interested in sponsorship to attend the AppSec USA 2013 Conference in New York City.  Apply Here:  Application Form (https://docs.google.com/a/owasp.org/forms/d/1WEtInvzlxLDXpTgfXh-E1E7e8H5FRfEOPIaTOizlBpk/viewform?edit_requested=true)


OWASP AppSec EU 2013 (https://appsec.eu/) - 

This event is coming up FAST!  Register now (https://appsec.eu/registration/) to secure your spot!

The Full Conference Schedule is Online (http://sched.appsec.eu/)

OWASP AppSec LATAM 2013 (https://www.owasp.org/index.php/AppSecLatam2013)
Call for Training and Call for Papers are now open (Deadline is August 2, 2013) - Click Here (https://www.owasp.org/index.php/AppSecLatam2013) to submit your training or your talk

OWASP AppSec USA 2013 (http://appsecusa.org)

Early bird registration closes on August 15th Register now to save $300  (http://appsecusa.org/2013/register/)

Click Here (http://appsecusa.org/2013/schedule/) for the full schedule of Talks and Training Classes

Contact Us (http://appsecusa.org/2013/sponsors/) to secure your sponsorship opportunity for the exhibit hall or for the career fair

We want ALL chapters, GLOBALLY, to share in the success of this event.  For each ticket to AppSec USA that your chapter sells between July 15 and August 15, your chapter will receive $50 USD in your chapter's account.  Be sure your referrals enter in the appropriate promotional code during registration.

AppSec USA promotional resources (http://appsecusa.org/2013/resources/)

List of Chapter Codes to be entered during registration (https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdDRLcU9Ta0N2bXpPWjFmT0hMUnh2cHc#gid=3)


OWASP India Conference 2013 (http://2013.owasp.in/) - Aug 30-31; New Delhi, India
Ghana Cyber Security (https://www.owasp.org/index.php/Ghana) - Sept 5-6 
OWASP New Zealand Day 2013 (https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013) - Sept 11-12; Auckland, New Zealand 
LASCON 2013 (http://lascon.org) - Oct 24-25, Austin, TX

​OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security.  If you want to learn more about OWASP's involvement or will be attending and want to participate, please 

CONTACT US (http://owasp4.owasp.org/contactus.html)
 - BlackHat 2013 (https://www.blackhat.com/us-13/) - July 27-Aug 1; Las Vegas, NV - OWASP Members receive a $200 discount with the code:  Uurtcw00

 - OHM 2013 (https://ohm2013.org/site/) - July 31-Aug 4; Geestmerambacht, NL

 - International Conference on Cyber Security (ICCS) (http://www.iccs.fordham.edu/) - Aug 5-8; New York, NY

 - (ISC)2 Security Congress Chicago, IL (https://congress.isc2.org/) - Sept 24-27; Chicago, IL - OWASP members receive a 20% discount with the code:  OWASP

 - Hacker Halted Europe 2013 - October 7-8; Reykjavik, Iceland
 - ISSA International Conference (http://www.issa.org/?page=Conference) - Oct 9-10; Nashville, TN

 - HITBSecConf 2013 (http://conference.hitb.org/) - Oct 14-17; Kuala Lumpur, Malaysia

 - Rochester Security Summit 2013 (https://www.rochestersecurity.org/) - Oct 22-23; Rochester, NY

 - RSA Conference Europe 2013 (http://www.rsaconference.com/events/2012/europe/index.htm) - Oct 29-31; Amsterdam, Netherlands - OWASP members receive 100 Euro discount with the code:  12E3OWASPD

 - Cloud Security Alliance Congress 2013 (http://www.misti.com/default.asp?page=65&Return=70&ProductID=4985) - Dec 4-5; Orlando, FL



Thank you to:
Ernst & Young and Quotium
for their renewals



AUGUST 16, 2013

SUBMIT YOUR CANDIDACY FOR THE GLOBAL BOARD OF DIRECTORS (https://www.owasp.org/index.php/2013_Board_Elections)


September 30, 2013 

Deadline to join or to renew your membership to ensure eligibility to vote in the 2013 election and WASPY awards


Please welcome OWASP's new Event Manager, Laura Grau

Laura Grau worked for the past 6 years in an international research center in Barcelona.  During these years she has gained a solid background organizing a wide variety of events.  Her complete bio can be found here (http://owasp.blogspot.com/2013/07/welcome-to-our-new-event-manager-laura.html)
Marketing Collateral:  Seeking Community Input

The OWASP Ops team is happy to report that the marketing project we have been working on with Sisterworks and Design Foundry is in the final stages of delivery.  We are now at a point where we would like to seek community input on a handful of the most critical marketing pieces we have developed with our contractors.  We have set up a wiki page to facilitate comments and votes from the community.  You can find more instructions on the process on the wiki page.  Please visit the Marketing community Input page (https://www.owasp.org/index.php/Marketing/Community_Input) to view, comment, and to vote on each marketing piece.


OWASP has partnered the Irish Honeynet Project (a not for profit organization) to conduct the first ever GLOBAL CTF!

This worldwide challenge will be launched at AppSec EU in Hamburg, Germany in August and run through mid November.  The winners will be announced at AppSec USA in New York!
Preliminary information can be found here (https://www.owasp.org/images/d/d5/Global_CTF.pdf)
Keep checking back for frequent updates and news! 


Register to participate in the OWASP Webinar Series.  This provides an opportunity to review some of the top security talks AND earn CPE credits!

the Next Webinar is scheduled for Wednesday August 7, 2013.  
LIVE - Jack Mannino
Jack Mannino unveils the MAJOR release forGoatDroid (https://github.com/jackMannino/OWASP-GoatDroid-Project)

Wednesday August 7

at 10am EDT (Live Webinar)

at 9pm EDT (replay of the Live Webinar)


We want to highlight projects and research!  If you have a topic that you would like to present, please submit an abstract here:  Contact us (http://owasp4.owasp.org/contactus.html)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-all/attachments/20130801/99eb509b/attachment-0001.html>

More information about the Owasp-all mailing list