[Owasp-Cluj] Fwd: OWASP March 19 Connector

Lucian Corlan lucian.corlan at owasp.org
Mon Mar 23 08:26:12 UTC 2015


---------- Forwarded message ----------
From: The OWASP Foundation <The_OWASP_Foundation at mail.vresp.com>
Date: Fri, Mar 20, 2015 at 12:25 AM
Subject: OWASP March 19 Connector
To: lucian.corlan at owasp.org



<http://cts.vresp.com/fbl?98bd849cad/d412b5f4f4/http%3A%2F%2Fhosted-p0.vresp.com%2F1479611%2F98bd849cad%2FARCHIVE%23like>
<http://cts.vresp.com/ts?98bd849cad/d412b5f4f4/http%3A%2F%2Fapi.addthis.com%2Foexchange%2F0.8%2Fforward%2Ftwitter%2Foffer%3Ftemplate%3D%257B%257Btitle%257D%257D%2B%257B%257Burl%257D%257D%26url%3Dhttp%253A%252F%252Fhosted-p0.vresp.com%252F1479611%252F98bd849cad%252FARCHIVE%26shortener%3Dbitly%26title%3DOWASP%2BMarch%2B19%2BConnector>
<http://cts.vresp.com/ls?98bd849cad/d412b5f4f4/http%3A%2F%2Fapi.addthis.com%2Foexchange%2F0.8%2Fforward%2Flinkedin%2Foffer%3Ftemplate%3D%257B%257Btitle%257D%257D%2B%257B%257Burl%257D%257D%26url%3Dhttp%253A%252F%252Fhosted-p0.vresp.com%252F1479611%252F98bd849cad%252FARCHIVE%26shortener%3Dbitly%26title%3DOWASP%2BMarch%2B19%2BConnector>
 [image: OWASP Global Connector]

March 17, 2015 || www.owasp.org
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/0703adb76f>
| Contact Us
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6f19561c12>
| Brought to you by the OWASP Foundation
  [image: Communications] <#14c34249b4c0ed57_CommunicationsHeading> 2015
Strategic Goals <#14c34249b4c0ed57_GOALS> OWASP Adrenaline
<#14c34249b4c0ed57_ANNUAL> OWASP and the 2015 LATAM tour promoted on Mundo
Hacker TV <#14c34249b4c0ed57_TV>  [image: membership]
<#14c34249b4c0ed57_MembershipHeading> Corporate Members
<#14c34249b4c0ed57_CorpMem>  [image: Conference]
<#14c34249b4c0ed57_ConferenceHeading> AppSec EU 2015 Updates
<#14c34249b4c0ed57_EU> AppSec USA 2015 Call for Training Open
<#14c34249b4c0ed57_USA> OWASP SAMM Project Summit <#14c34249b4c0ed57_SAMM> 2015
LATAM Tour <#14c34249b4c0ed57_LATAM> Partner and Promotional Events
<#14c34249b4c0ed57_PartnerEvents>   [image: chapters]
<#14c34249b4c0ed57_ChapterHeading> New OWASP Chapters
<#14c34249b4c0ed57_NewChapters> Chapter Transitions
<#14c34249b4c0ed57_NewChapters>  [image: projects]
<#14c34249b4c0ed57_Projects> OWASP Dependency-Track 1.0.0 Released
<#14c34249b4c0ed57_Track> OWASP Vicnum Project Updated
<#14c34249b4c0ed57_Vicnum> OWASP Dependency Check 1.2.9 released
<#14c34249b4c0ed57_Check> CISO Survey Translated to Spanish
<#14c34249b4c0ed57_CISO>  [image: Social Media]
<#14c34249b4c0ed57_SocialMedia> OWASP Foundation Social Media
<#14c34249b4c0ed57_Social>
------------------------------
------------------------------
  [image: Communications]
 *OWASP Communications*
  Where do we go from here - OWASP releasing strategic goals for 2015! by
Tobias Gondrum, Chairman of the Board

Over the last years OWASP has grown and further followed our successful
path improving Web and Application Security around the world. Today, our
organization is in great shape and we are building up to what is promising
to become a fantastic year 2015 for OWASP!

In the previous years we frequently set strategic goals to focus our global
activities and to further our mission in specific and measurable ways. It
is important to note that these goals are by no means a view to limit our
community activity on only these goals. But rather the goals are to inspire
new actions in addition to our already many ongoing great activities and to
focus some of our efforts where we see great potential for OWASP and our
mission to make application security more visible around the world.

This year we wanted to include more community feedback into these goals. In
January, we sent out a survey to the OWASP Community asking for your
thoughts on our strategic goals for 2015. And we received an amazing high
turnout and feedback from over 1,100 people responding to our survey. Thank
you all for that! Your feedback was extremely valuable and greatly
appreciated! It guided our priorities in 2015 and beyond. And we also
received a lot of messages from volunteers in the survey who want to join
some of the activities on these goals. Don't worry we will get back to you
on this, now.

Today we proudly release the following three strategic goals for 2015:

   - Build a scalable OWASP training program that spreads security training
   around the world.
   - Strengthen OWASP chapters and increase Chapter's abilities to spread
   the message of OWASP through locally organized and run events.
   - Mature the OWASP Projects Platform: Provide the OWASP projects
   community a mature project platform to encourage senior developers to
   participate in the various and many OWASP projects.

For More details on these goals and some of the actions we plan to do to
achieve them, please take a look at our WIKI PAGE
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/bd1a6e1526>

Over the recent months and years, we already see amazing new chapter
activities, project work and a lot of people from the community joining as
volunteers and leaders. We are an open community organisation, and every
activity is driven by you, our thousands of volunteers, members and leaders
around the world. So if you have an idea how to contribute to the goals
above (or any other exciting OWASP activity), we like to hear from you. If
you like to join one of our many activities, please let us know, join the
community list (owasp-community at lists.owasp.org, free to join for everyone)
and post your interest or idea there to find other interested people to
join you, or write to our community manager Noreen Whysel
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/eb9052d949>.


We want you to get involved!

YOU are OWASP - OWASP needs YOU!

With that, I wish all of us an amazing and exciting time ahead.

Tobias Gondrom, Chairman of the Board

  OWASP Adrenaline 2014 OWASP Annual Report Call for Content

The OWASP Foundation is looking for exciting and illustrative success
stories from YOU, the community for inclusion in our 2014 Annual Report.
This years theme is simply: Growing, Learning, Sharing, Leading.

Tell us how you and your team worked to spread the OWASP mission [link to
mission statement] in 2014. Here are some ideas but feel free to be
creative!

   - How did your local/regional/global collaborate spread security
   awareness?
   - What types of educational outreach did you and/or your team accomplish?
   - How did you and/or your team leverage the OWASP platform to inspire
   non security professionals to turn their attention to application security?
   - Where did you leave a BIG OWASP footprint?
   - How did YOU benefit from the different facets of the OWASP platform?

Submit your content - articles, pictures, ideas [here] by April 14, 2015.
This is your opportunity to share with the world why you participate. We
want everyone to contribute! Everyone’s story is important to the
Foundation. Become globally famous by submitting your picture and/or brief
bio so we can be sure to give you credit for your contribution. Of course,
you may also request to remain anonymous if you prefer.
  OWASP and 2015 LATAM Tour represented on Mundo Hacker TV

OWASP was represented on Mundo Hacker TV by Fabio Cerullo

CLICK HERE
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/4040eac3cc>
to watch the entire interview.
 ------------------------------
  [image: Membership]
 *OWASP Membership*
  New Corporate Members

   - Software Improvement Group
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6df7ee8794>

Renewed Corporate Members

   - Aspect Security
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/30c440de5f>
   - BCC Risk Advisory
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/d731d6dad2>
   - Denim Group
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6e91a5f7ab>
   - Oracle
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/be79dc0b29>
   - Twitter
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/d75edb8865>

  ------------------------------
  [image: Conference]
 *OWASP Events*
  OWASP AppSec EU Updates

The Keynotes have been published and the program is taking shape!

Tuesday 19th May, 2015

   - Day One of the two day trainings
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/5e202fdaba>
   - Day One of the Project Summit
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/d7872db0cb>
   - Day One of the University Challenge
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/ea3ec122c0>

Wednesday 20th May, 2015

   - One Day Trainings
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/69a9da667d>
   - Day Two of the two day trainings
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/76c10a5056>
   - Day Two of the Project Summit
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/0f18e87608>
   - Day Two of the University Challenge
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/e4ee098899>

Thursday and Friday 21st and 22nd May, 2015

Conference Days including: Keynotes,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/13112daa0d>CISO,
DEV, Hack, Ops, and Research talks
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/3f4f7f90b7>,
HackPra Allstars,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/fd966f51a9>
Hands on sessions, and more ...
AppSec USA 2015 Call For Training Is Open

OWASP is soliciting training providers for the AppSec USA Conference.

Please submit via this Google Form.
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/8a0c3173e5>

Submission Deadline is April 15, 2015

We are interested in all topics related to Web Application Security and
OWASP, in particular, but not limited to (these are just examples):

   - Secure development: frameworks, best practices, secure coding,
   methods, processes, SDLC
   - Vulnerability analysis: code review, pentest, static analysis
   - Threat modelling
   - Cloud Security
   - Browser Security
   - HTML5 Security
   - OWASP tools or projects in practice
   - New technologies, paradigms, tools
   - Privacy in web apps, Web services (REST, XML) and data storage
   - Operations and software security
   - Management topics in Application Security: Business Risks,
   Outsourcing/Offshoring, Awareness Programs, Project Management, Managing
   SDLC

More information on the Call for Training can be found HERE
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6e5356fe2f/page_id=761>
OWASP SAMM Project Summit

Join us for the first OWASP SAMM Project Summit in Dublin March 27-28.

Friday is User Day covering talks, training, and round tables followed by a
social event.

Saturday is Project Day covering the release of version 1.1, workshops, and
roadmap discussions

Participate and steer one of our great flagship projects to the next level!

Details and registration can be found HERE.
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/4c17c98c5a>
Follow us on twitter @OwaspSAMM
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/9ef31741d7>
LATAM Tour 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/bc11513ce9>

   *Agenda*
   - Santiago, Chile: April 8-9, 2015
   - Patagonia, Argentina: April 10, 2015
   - Bucaramanga, Colombia: April 14, 2015
   - Montevideo, Uruguay: April 15-16, 2015
   - Lima, Peru: April 17-18, 2015
   - Santa Cruz, Bolivia: April 17-18, 2015
   - San Jose, Costa Rica: April 21, 2015
   - Guatemala, Guatemala: April 21-22, 2015
   - Buenos Aires, Argentina: April 23-24, 2015
   - Caracas, Venezuela: April 23-24, 2015


   *Additional Information*
   - Call for Papers AND Training are now open. Submission deadline
   February 15, 2015
   - Sponsorship Opportunities are Available
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/093402d1a4>

Partner and Promotional Events

Info Security Indonesia Conference
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/740bb6fb25>
(March 24, 2015) Jakarta, Indonesia

BlackHat Asia 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/a6e6dee58a>
(March 24-27, 2015) Singapore. OWASP members receive $200 off briefings
using code BRow200.

(ISC)2 SecureIreland Conference 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/03d6720600>
(March 31, 2015) Dublin Ireland. OWASP Members receive 20% off general
event fees. Discount code OWASPISSCIRE

Cyber Security Summit Europe - Financial Sector
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/ed08d67a1f>
(April 14-15, 2015) Prague, Czech Republic. OWASP Members receive 20% off
general event fees. Discount code CSSOW

AppsWorld Germany 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/7bacfc3f77>
(April 22-23, 2015) Berlin, Germany

AppsWorld North America 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/ad87b7b812>
(May 12-13, 2015) San Francisco, CA

SANS CyberTalent Fair
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/b340d97e43>
(May 14-15, 2015) Virtual, online

International Conference on Cyber Security (ICCS)
<http://www.iccs2015.iaasse.org/> (May 16-17, 2015) City of Redlands, CA.
OWASP members receive 25% off the general event fee. Discount code ICCSOWASP

Cloud Security World 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/80b237f30f/Page=65&Return=70&ProductID=19392>
(May 19-21, 2015) New Orleans, LA..OWASP members receive a 25% discount off
standard event fee. Discount code CLD15-OWASP

Hack In the Box
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/232af5ef23>
(May 26-29, 2015) OWASP members receive 20% off by using discount code
OWASP-HITB2015AMS

SC Congress Toronto
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/e5f8f2f989>
(June 10 - 12, 2015) Toronto, Canada. Register with your @owasp email
address and receive a discount.

EuroPython 2015
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/c1bb2be06c>
(July 20-26, 2015) Bilbao, Spain

Info Security Malaysia Conference
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/306fc53c00>
(August 6, 2015) Kuala, Lumpur

 ------------------------------
  [image: bh europe]
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/44f849536e>
 [image:
contrast january]
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/58d5a73fdd>
 [image:
coalfire]
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/0fc69ca097>
------------------------------
  [image: chapters]
 *OWASP Chapters*
  New Chapters

*Southern New Hampshire*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/0c36448648>
- Chapter Leaders - James Burroughs and Edmond Holohan

*Knoxville, TN*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/2170284227>
- Chapter Leader - Daniel Harvey

*Bihar, India*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/39464a09a2>
- Chapter Leader - Nishant

*Northern Sweden*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/8cb1da34b1>
- Chapter Leaders - Markus Örebrand and Magnus Hultdin
Chapter Transitions

*Guatemala*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/584177f140>
- New Chapter Leaders - Pablo Barrera and Camilo Fernandez

*Busan, Korea*
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/c2ee993e58>
- Chapter Leaders - Jang-Goon Sohn (Treasurer), Park Chang-Hyun, and Jang
Byeong-jo

*Share your chapter's successes! Submit your stories here
<support at owasp.org>*
  ------------------------------
  [image: projects]
 *OWASP Projects*
  OWASP Dependency-Track 1.0.0 Released

Dependency-Track is a webapp that allows organizations to document the use
of third-party components across multiple applications and versions.
Further, it provides automatic visibility into the use of components with
known vulnerabilities. Dependency-Track compliments the wildly successful
and highly useful Dependency-Check project by embedding its core engine and
fulfilling additional use cases. It's another tool to combat the A9 problem.

You can get more information about the project and the release HERE
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/ec9983e49b>
OWASP Vicnum Project Updated

The OWASP Vicnum Project
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/d790a90ca9>
has been updated to include a vulnerable XXE VM at
http://xxe.sourceforge.net/
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/f76de05885>

This VM was used in recent CTF events including the Breaking Bad challenge
event at AppSec USA 2013 in NYC.

As with other vulnerable or broken apps, the basic goal of the project is
to:

   - Test web application scanners
   - Test manual attack techniques
   - Test source code analysis tools
   - Look at the code that allows the vulnerabilities
   - Test web application firewalls
   - Have a little fun

OWASP Dependency Check 1.2.9 released

The OWASP Dependency-check
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6f5b1de600>
team is pleased to announce the release of 1.2.9! This release contains
general maintenance, upgrading dependent libraries, minor bug fixes, etc.

Please visit the documentation site
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/aad1bcf1fb>
for information on obtaining the new version (CLI,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/ce420c6100>Maven
Plugin,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/df97be52a1>Ant,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/a535bed205>Task,
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/e363143715>Jenkins
Plugin
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/993f7e68a3>
)

The changes of note are:

   - The Maven plugin was reworked to correctly process child modules when
   creating an aggregate project. Included in the change were several other
   issues end users have contacted me about.
   - Reduced false negatives with regard to some versions of Spring.
   - Fixed issue #196 - Some JAR files do not contain POM files yet a full
   POM is available from Central (or alternatively Nexus). Both the Central
   and Nexus analyzers will now look for and retrieve the POM if one has not
   been found locally. A result of this change is that if both the Central and
   Nexus analyzer are disabled there is a chance of false negatives (i.e. the
   dependency could not be correctly identified as vulnerable).
   - Fixed issue #185 - Maven aggregate reports now display the project
   name that references vulnerable dependency.

We continue to get help from the github community! This release includes
PRs from Ahmet Kiyak
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/59d4b100df>
and Hans Joachim Desserud.
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6507b492cd>
Thanks for all your help!
OWASP CISO Guide Translated into Spanish

You can reference it OWASP Vicnum Project
<http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/2140b2e137>
HERE.
 ------------------------------
  [image: Social Media]
 *OWASP Social Media*
  OWASP Social Media Sites

   - OWASP YouTube Channel
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/6a7c4a37cc>
   - LinkedIn
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/f53dc2362c>
   - Twitter
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/4f8d04ed82>
   - Google +
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/30d791d73d>
   - Facebook
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/f6b3f16a2d>
   - Ning
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/c339dec549>
   - StackOverflow
   <http://cts.vresp.com/c/?TheOWASPFoundation/98bd849cad/d412b5f4f4/a5750a4fac/tab=newest&q=owasp>



------------------------------
  Click to view this email in a browser
<http://hosted.verticalresponse.com/1479611/98bd849cad/543936139/d412b5f4f4/>

If you no longer wish to receive these emails, please reply to this message
with "Unsubscribe" in the subject line or simply click on the following
link: Unsubscribe <http://cts.vresp.com/u?98bd849cad/d412b5f4f4/mlpftw>
------------------------------
  The OWASP Foundation
1200-C Agora Drive
#232
Bel Air, Maryland 21014
US

Read <http://www.verticalresponse.com/content/pm_policy.html> the
VerticalResponse marketing policy.
  [image: Non-Profits Email Free with VerticalResponse!]
<http://www.verticalresponse.com/landing/ef/?np/98bd849cad&utm_campaign=footer&utm_medium=referral&utm_source=footer>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-cluj/attachments/20150323/4f4d424e/attachment-0001.html>


More information about the Owasp-Cluj mailing list