OWASP Connector July 4, 2013

Kate Hartmann kate.hartmann at owasp.org
Thu Jul 4 16:14:17 UTC 2013


 OWASP Connector July 4, 2013
 
       
 

FEATURED OWASP PROJECT

OWASP DEVELOPMENT GUIDE (https://www.owasp.org/index.php/Category:OWASP_Guide_Project)

The OWASP Development guide 2013 is a dramatic re-write of one of OWASP's first and most downloaded projects.  The focus moves from countermeasures and weaknesses to secure software engineering.  

In this edition, architects, project leads, and developers can reference a massive text book covering all aspects of modern application security architecture, secure design, and detailed design patterns.  This edition aligns with the syllabus outcomes of the Undergraduate Software Assurance degree and Masters of Software Assurance.​

NEW OWASP PROJECTS

OWASP Skanda - SSRF Exploitation Framework (https://www.owasp.org/index.php/OWASP_Skanda_SSRF_Exploitation_Framework)

The Skanda is a SSRF Vulnerability Exploitation Framework.  The current version performs Cross Site Port Attack on vulnerable application, and discovers open ports.  Future versions will perform advanced attacks like network host discovery, service discovery, and service level vulnerability detection and exploitation through SSRF.  For more information, please contact the project leader, Jayesh Singh Chauhan (mailto:jayesh.singh at owasp.org)

OWASP RBAC Project (https://www.owasp.org/index.php/OWASP_RBAC_Project)

The RBAC project aims to port and promote standard NIST Level 2 RBAC implementations, currently the PHP version is available as a separate project.  For more information, please contact the project leader, Abbas Naderi (mailto:abbas.naderi at owasp.org).

OWASP PHP Security Project (https://www.owasp.org/index.php/OWASP_PHP_Security_Project)

The OWASP PHP Security project plans to gather around secure PHP libraries, and provide a full featured framework of libraries for secure web applications in PHP, both as separate de-coupled libraries and as a whole secure web application framework.  many aspects of this project are already handled, and are being added to OWASP.  For more information, please contact the project leader, Abbas Naderi (mailto:abbas.naderi at owasp.org).

PROJECT ANNOUNCEMENTS

OWASP Top Ten Project (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

The We are pleased to announce that the 2013 version of the OWASP Top Ten is now available for download and for purchase.  Please visit the OWASP Top Ten Project wiki page for more information.

Download the 2013 OWASP Top Ten (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
Purchase the 2013 OWASP Top Ten (http://www.lulu.com/spotlight/owasp)

The Top Ten has already been translated into French, German, Indonesian, Italian, Japanese, Korean, Spanish, Chinese, and Vietnamese.  Current translations in process are:  Portuguese, Greek, Turkish, Malay, Czech, and Dutch.  Thank you to all the contributors to the translation effort.



GOT OWASP?

THE OWASP FOUNDATION IS MAKING ROOM FOR SOME NEW AND EXCITING SCHWAG.  THIS MEANS WE'RE HAVING A FIRE SALE!

CHAPTER LEADERS:  STOCK UP ON APPAREL ITEMS, MERCHANDISE, ELECTRONIC EQUIPMENT, AND MEETING SUPPLIES FOR YOUR CHAPTER

MORE INFORMATION COMING SOON!  PURCHASING LINKS WILL BE DISTRIBUTED VIA THE CHAPTER LEADER MAILING LIST, THE CHAPTERS PAGE, AND THROUGH SOCIAL MEDIA CHANNELS    

GLOBAL AppSec CONFERENCE ANNOUNCEMENTS

OWASP AppSec EU 2013 (https://appsec.eu/)
20 Speakers and Talks have been announced!  Click Here (http://sched.appsec.eu) for a catalogue of the amazing speakers and dynamic presentations on the docket for this years' OWASP Research Event.

Please plan on arriving to beautiful Hamburg, Germany prior to the event to take advantage of the world class training being offered.  Click Here (https://appsec.eu/trainings/) for the list of the catalogue of training classes.


OWASP AppSec LATAM 2013 (https://www.owasp.org/index.php/AppSecLatam2013)
Call for Training and Call for Papers are now open (Deadline is August 2, 2013) - Click Here (https://www.owasp.org/index.php/AppSecLatam2013) to submit your training or your talk


OWASP AppSec USA 2013 (http://appsecusa.org)
Click Here (http://appsecusa.org/2013/schedule/) for the full schedule of Talks and Training Classes
Contact Us (http://appsecusa.org/2013/sponsors/) to secure your sponsorship opportunity for the exhibit hall or for the career fair
Click Here (http://appsecusa.org/2013/activities/) to find out about all the awesome activities planned for the conference (Lockpick Village, Career Fair, OWASP Project Summit, Project and Chapter Workshops, 3K for Charity, and more ...)

Looking Ahead to 2014

AppSec APAC 2014 - March 17-20 Tokyo, Japan

AppSec Research 2014 - June 2014 Cambridge UK

AppSec USA 2014 September 2014 Denver, CO

LOCAL AND REGIONAL EVENTS

OWASP China 2013 Forum (http://www.owasp.org.cn/OWASP_Conference/2013forum/owasp-china-2013-forum) - July 12-22;
Bejing, Shanghai, and Guangzhou - 

OWASP India Conference 2013 (http://2013.owasp.in/) - Aug 30-31; New Delhi, India

Ghana Cyber Security (https://www.owasp.org/index.php/Ghana) - September 5-6; This event is looking for speakers to help grow the OWASP presence in Africa!  Contact Theodore Sagoe (mailto:theodore.sagoe at owasp.org) for details

OWASP New Zealand Day 2013 (https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013) - Sept 11-12; Auckland, New Zealand - Call for Presentations, Training, and Sponsorship is OPEN!

LASCON 2013 (http://lascon.org) - Oct 24-25, Austin, TX
Call for proposals is open until July 31 - Submit your proposal! (https://www.easychair.org/account/signin.cgi?conf=lascon2013)

PARTNER AND PROMOTIONAL EVENTS
​OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security.  If you want to learn more about OWASP's involvement or will be attending and want to participate, please CONTACT US



 - (ISC)2 Secure Rome Conference 2013 (https://www.isc2.org/EventDetails.aspx?id=10500) - July 9; Rome, Italy

 - BlackHat 2013 (https://www.blackhat.com/us-13/) - July 27-Aug 1; Las Vegas, NV - OWASP Members receive a $200 discount with the code:  Uurtcw00

 - OHM 2013 (https://ohm2013.org/site/) - July 31-Aug 4; Geestmerambacht, NL

 - International Conference on Cyber Security (ICCS) (http://www.iccs.fordham.edu/) - Aug 5-8; New York, NY

 - (ISC)2 Security Congress Chicago, IL (https://congress.isc2.org/) - Sept 24-27; Chicago, IL - OWASP members receive a 20% discount with the code:  OWASP

 - ISSA International Conference (http://www.issa.org/?page=Conference) - Oct 9-10; Nashville, TN

 - HITBSecConf 2013 (http://conference.hitb.org/) - Oct 14-17; Kuala Lumpur, Malaysia

 - Rochester Security Summit 2013 (https://www.rochestersecurity.org/) - Oct 22-23; Rochester, NY

 - RSA Conference Europe 2013 (http://www.rsaconference.com/events/2012/europe/index.htm) - Oct 29-31; Amsterdam, Netherlands - OWASP members receive 100 Euro discount with the code:  12E3OWASPD

 - Cloud Security Alliance Congress 2013 (http://www.misti.com/default.asp?page=65&Return=70&ProductID=4985) - Dec 4-5; Orlando, FL

​

    

CORPORATE MEMBERSHIPS

Thank you to: Axran, Cloud Passage, and Netsparker for joining as corporate members

Thank you to:  RedSpin and Security Innovation for their annual renewal

2013 OFFICIAL BOARD ELECTION UPDATES

The deadline to submit your candidacy is August 16, 2013. (https://www.owasp.org/index.php/2013_Board_Elections)

We would like the community to submit interview questions.  These questions will be posed to the candidates during the pre election interviews.
SUBMIT YOUR QUESTIONS (https://www.google.com/moderator/#16/e=20f717)

Voting is limited to paid/honorary members who are in good standing as of September 30, 2013.  Be sure to join or renew your membership (https://www.owasp.org/index.php/Membership)

2013 WASPY AWARDS

The WASPY (Web Application Security Person of the Year) Awards were started in 2012 with the assistance and sponsorship of Qualys and Trustwave.  This year, the awards will recognize 5 different individuals in 5 different categories.

Take advantage of this opportunity to help OWASP globally recognize members of our community for their efforts to drive awareness of software security through leadership, outreach, and innovation.

SUBMIT YOUR NOMINEE (http://www.tfaforms.com/284578)
SPONSOR THE AWARDS (https://docs.google.com/a/owasp.org/document/d/1VDBZ4vnJ52XkB2MJ35PCdMUTbS8qFmChkL24-GsygtY/edit)

GET YOUR CREDITS!

Register to participate in the OWASP Webinar Series.  This provides an opportunity to review some of the top security talks AND earn CPE credits!

the Next Webinar is scheduled for Wednesday July 10, 2013.  The talk title is:  "AppSec Training, Securing the SDLC, WebGoat.NET, and the meaning of life" by Jerry Hoff.  This is a showing of Jerry's AppSec USA 2012 presentation.

at 10am EDT 
 (https://www3.gotomeeting.com/register/733584406)
and
at 9pm EDT
 (https://www3.gotomeeting.com/register/978423854)


Wednesday July 24
Four Axes of Evil:  HD Moore

at 10am EDT
 (https://www3.gotomeeting.com/register/173154142)
and
at 9pm EDT
 (https://www3.gotomeeting.com/register/298948942)

If you are interested in giving a live presentation during the webinar series, please contact us (http://owasp4.owasp.org/contactus.html).



FEATURED PARTNER EVENTS

 (http://www.rsaconference.com/events/eu13)
The information security issues that matter, the expertise to help.  Enjoy 60 track sessions plus debates and keynotes.  Build your knowledge and further your career at RSA Conference Europe



Join us for the Third Annual (ISC)2 Security Congress!  Co-located with ASIS 2013 59th Annual Seminar and Exhibits.  September 24-27, 2013; McCormick Place, Chicago, IL; OWASP Members Save 20% off conference registration with the discount code:  OWASP

The (ISC)2 Security Congress event offers invaluable education to all levels of information security professionals.  The impressive lineup includes speakers from the Department of Homeland Security, Prudential, Humana, TSA, University of Maryland, DAS Global, Excelon and more with 9 different tracks and over 80 sessions.  tracks include:  Application Security, Cloud Security, Government Security, GRC, Malware, Mobile Security/Social Networking, Software Assurance, Swiss Army Knife, and Threats.  Register Now! (https://congress.isc2.org/)

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-all/attachments/20130704/8fd2686e/attachment-0001.html>


More information about the Owasp-all mailing list