OWASP Connector July 16, 2013

Kate Hartmann kate.hartmann at owasp.org
Wed Jul 17 00:29:02 UTC 2013



OWASP OpenSAMM Project (https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model#tab=OpenSAMM)

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.  SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development.  Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.  For more information, please visit the OWASP OpenSAMM Project wiki page (https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model#tab=OpenSAMM).


OWASP Wordpress Security Checklist Project (https://www.owasp.org/index.php/OWASP_Wordpress_Security_Checklist_Project)

While there are several good articles on how to secure a Wordpress installation, there is no project on this topic that people can discuss and contribute to that is a definitive and homogeneous checklist.  This project aims to solve this need.  For more information, please contact the project leader, Dan Vasile (mailto:Dan.Vasile at owasp.org).

OWASP Windows Binary Executable Files Security Checks Project (https://www.owasp.org/index.php/OWASP_Windows_Binary_Executable_Files_Security_Checks_Project)

The "Windows Binary Executable Files Security Checks" documentation project aims to provide a security check-list and the tools necessary to assess the security of Windows executable files.  For more information, please contact the project leader Dan Vasile (mailto:Dan.Vasile at owasp.org). 

OWASP Supporting Legacy Web Applications in the Current Environment Project (https://www.owasp.org/index.php/OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project)

Legacy web applications are a reality in life.  Even now, there are several out there, some of them supporting sensitive business areas like banking, insurance, marketing, and idea generation.  As these applications get outsourced for maintenance, security becomes a crucial aspect both from a perspective of outsourcing and the inherent vulnerabilities of the web app.  I would like to highlight these challenges and bring forth the critical security points in legacy web apps.  For more information, please contact the project leader Shruti Kulkarni (mailto:shruti.kulkarni at owasp.org).

OWASP SeraphimDroid Project (https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project)

SeraphimDroid is an educational application for Android devices that helps users learn about risks and threats coming from other Android applications.  SeraphimDroid scans your devices and teaches you about risks and threats coming from application permissions.  For more information, please contact the project leader Nikola Milosevic (mailto:nikola.milosevic at owasp.org).


OWASP Project Summit:  AppSec USA (http://appsecusa.org/2013/activities/owasp-project-summit/)

The OWASP Project Summit is a smaller version of the much larger OWASP summits.  This event activity gives our project leaders the opportunity to showcase their project progress, and have attendees sit down and work on project tasks during the event.  It is an excellent opportunity to engage the event attendees, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.  Register for AppSec USA (http://appsecusa.org/2013/register/) and don't miss out on this great opportunity to work on an OWASP Project.

OWASP Project Leader Workshop:  AppSec USA (http://appsecusa.org/2013/activities/project-leader-workshop/)

The Project Leader Workshop is a 45 minute event activity that brings together current and potential OWASP project leaders to discuss project related issues and topics.  Register for AppSec USA (http://appsecusa.org/2013/register/) and don't miss out on this great opportunity to learn more about how to lead an OWASP Project. 

OWASP Women in AppSec News! (http://appsecusa.org/2013/activities/owasp-women-in-application-security-appsec-program/)

The Women in AppSec Call for Applicants is now open.  Apply now if you are a female student at either the undergraduate or graduate level, an instructor, or a professional working woman who is interested in sponsorship to attend the AppSec USA 2013 conference in New York City.  Apply here:  Application Form (https://docs.google.com/a/owasp.org/forms/d/1WEtInvzlxLDXpTgfXh-E1E7e8H5FRfEOPIaTOizlBpk/viewform?edit_requested=true).


OWASP AppSec EU 2013 (https://appsec.eu/)

The Full Conference Schedule is Online (http://sched.appsec.eu/)

Pre-conference training classes are filling up fast (https://appsec.eu/trainings/)

A limited number of sponsorship opportunities (https://appsec.eu/wp-content/uploads/2013/03/Sponsorship-Description-AppSec-EU-2013.pdf) are still available, contact us to reserve your spot (mailto:sponsoring at owasp.de)

OWASP AppSec LATAM 2013 (https://www.owasp.org/index.php/AppSecLatam2013)
Call for Training and Call for Papers are now open (Deadline is August 2, 2013) - Click Here (https://www.owasp.org/index.php/AppSecLatam2013) to submit your training or your talk

OWASP AppSec USA 2013 (http://appsecusa.org)
Click Here (http://appsecusa.org/2013/schedule/) for the full schedule of Talks and Training Classes

Contact Us (http://appsecusa.org/2013/sponsors/) to secure your sponsorship opportunity for the exhibit hall or for the career fair

Click Here (http://appsecusa.org/2013/activities/) to find out about all the awesome activities planned for the conference (Lockpick Village, Career Fair, OWASP Project Summit, Project and Chapter Workshops, 3K for Charity, and more ...)

We want ALL chapters, GLOBALLY, to share in the success of this event.  For each ticket to AppSec USA that your chapter sells between July 15 and August 15, your chapter will receive $50 USD in your chapter's account.  Be sure your referrals enter in the appropriate promotional code during registration.

AppSec USA promotional resources (http://appsecusa.org/2013/resources/)

List of Chapter Codes to be entered during registration (https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdDRLcU9Ta0N2bXpPWjFmT0hMUnh2cHc#gid=3)


OWASP China 2013 Forum (http://www.owasp.org.cn/OWASP_Conference/2013forum/owasp-china-2013-forum) - July 12-22; Beijing, Shanghai, and Guangzhou

OWASP India Conference 2013 (http://2013.owasp.in/) - Aug 30-31; New Delhi, India

Ghana Cyber Security (https://www.owasp.org/index.php/Ghana) - September 5-6; This event is looking for speakers to help grow the OWASP presence in Africa!  Contact Theodore Sagoe (mailto:theodore.sagoe at owasp.org) for details

OWASP New Zealand Day 2013 (https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013) - Sept 11-12; Auckland, New Zealand - Call for Presentations, Training, and Sponsorship is OPEN!

LASCON 2013 (http://lascon.org) - Oct 24-25, Austin, TX
Call for proposals is open until July 31 - Submit your proposal! (https://www.easychair.org/account/signin.cgi?conf=lascon2013)

OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security.  If you want to learn more about OWASP's involvement or will be attending and want to participate, please CONTACT US (http://owasp4.owasp.org/contactus.html)
 - BlackHat 2013 (https://www.blackhat.com/us-13/) - July 27-Aug 1; Las Vegas, NV - OWASP Members receive a $200 discount with the code:  Uurtcw00

 - OHM 2013 (https://ohm2013.org/site/) - July 31-Aug 4; Geestmerambacht, NL

 - International Conference on Cyber Security (ICCS) (http://www.iccs.fordham.edu/) - Aug 5-8; New York, NY

 - (ISC)2 Security Congress Chicago, IL (https://congress.isc2.org/) - Sept 24-27; Chicago, IL - OWASP members receive a 20% discount with the code:  OWASP

 - ISSA International Conference (http://www.issa.org/?page=Conference) - Oct 9-10; Nashville, TN

 - HITBSecConf 2013 (http://conference.hitb.org/) - Oct 14-17; Kuala Lumpur, Malaysia

 - Rochester Security Summit 2013 (https://www.rochestersecurity.org/) - Oct 22-23; Rochester, NY

 - RSA Conference Europe 2013 (http://www.rsaconference.com/events/2012/europe/index.htm) - Oct 29-31; Amsterdam, Netherlands - OWASP members receive 100 Euro discount with the code:  12E3OWASPD

 - Cloud Security Alliance Congress 2013 (http://www.misti.com/default.asp?page=65&Return=70&ProductID=4985) - Dec 4-5; Orlando, FL




We would like to thank eLearn Security for their new membership and Gotham Digital Science for their renewal.


The deadline to submit your candidacy is August 16, 2013. (https://www.owasp.org/index.php/2013_Board_Elections)

We would like the community to submit interview questions.  These questions will be posed to the candidates during the pre election interviews.
SUBMIT YOUR QUESTIONS (https://www.google.com/moderator/#16/e=20f717)

Voting is limited to paid/honorary members who are in good standing as of September 30, 2013.  Be sure to join or renew your membership (https://www.owasp.org/index.php/Membership)


The WASPY (Web Application Security Person of the Year) Awards were started in 2012 with the assistance and sponsorship of Qualys and Trustwave.  This year, the awards will recognize 5 different individuals in 5 different categories.

Take advantage of this opportunity to help OWASP globally recognize members of our community for their efforts to drive awareness of software security through leadership, outreach, and innovation.

SUBMIT YOUR NOMINEE (http://www.tfaforms.com/284578)
SPONSOR THE AWARDS (https://docs.google.com/a/owasp.org/document/d/1VDBZ4vnJ52XkB2MJ35PCdMUTbS8qFmChkL24-GsygtY/edit)


Register to participate in the OWASP Webinar Series.  This provides an opportunity to review some of the top security talks AND earn CPE credits!

The next webinar is scheduled for Wednesday July 24, 2013.  The talk title is:  "Four Axes of Evil" by HD Moore.  This is a showing of Jerry's AppSec USA 2012 presentation.

Wednesday July 24
Four Axes of Evil:  HD Moore

at 10am EDT
at 9pm EDT

Wednesday, August 14
Jack Mannino unveils the MAJOR release for GoatDroid (https://github.com/jackMannino/OWASP-GoatDroid-Project)

at 10am EDT (Live Webinar)

at 9pm EDT (replay of the Live Webinar)


If you are interested in giving a live presentation during the webinar series, please contact us (http://owasp4.owasp.org/contactus.html).
