[Owasp-Colombia] Fwd: OWASP Connector June 20, 2013

German Alonso Suárez Guerrero german.suarez at owasp.org
Fri Jun 21 15:56:36 UTC 2013

Good morning,

Forwarding information from the community:

 *OWASP Connector June 20, 2013*
 Last April, it was announced that OWASP would once again be participating
in Google's Summer of code.  We received 82 proposals from around the world
and were granted 11 slots by Google.  Our mentors carefully reviewed and
ranked the proposals, and today we are delighted to announce the students
that will work with OWASP in the coming months.

*The OWASP GSOC 2013 Winners are listed below - in no particular order*

*OWASP ZAP - Enhanced HTTP Session Handling and users/roles*
 *Student:* Cosmin Stefan
*Mentor/s:* Guifre Ruiz / Simon Bennetts
*Brief description:* Enhancing the HTTP Session handling of ZAP in order to
add the capability to set up and/or identify users and roles and in order
to add a series of various views, actions and scans that are dependent on a
particular user/role.

 *OWASP ModSecurity CRS - Port to Java*
 *Student:* Mihai Pitu
 *Mentor/s:* Breno Silva / Ryan Barnett
 *Brief description:* The goal of this GSOC project is to have a
ModSecurity version that can be used within Java servers (e.g. Tomcat). In
order to achieve this, the standalone C code will be wrapped using the JNI
framework and the resulting ModSecurity Java project will be used as a
module for Tomcat server. Also, we will collaborate with the OWASP WebGoat
team in order to integrate ModSecurity for Java into it.

 *OWASP OWTF - Inbound Proxy with MiTM & Caching Capabilities*
 *Student:* Bharadwaj Machiraju
 *Mentor/s:* Krzysztof Kotowicz / Abraham Aranguren
 *Brief description:* This project will create an inbound proxy module in
the OWASP Offensive Web Testing Framework (OWTF) so that human navigation
of a website can take advantage of the functionality in OWTF plugins in an
automated fashion regardless of authentication, mandatory fields,
client/server side redirects or HTTP response codes that might confuse
automated tools. This will ensure increased efficiency in the security
testing process and also help in complete identification of the attack
surface of a website by identifying and automatically analysing all
application entry points as soon as the user accesses them through the

 *OWASP OWTF - Multiprocessing*
 *Student:* Ankush Jindal
 *Mentor/s:* Andres Riancho / Abraham Aranguren
 *Brief description:* In this project, we will modify OWTF to use
multiprocessing while scanning multiple URLs which is presently done
sequentially (one after another). This will improve efficiency while
scanning multiple URLs.

 *OWASP OWTF - Reporting*
 *Student:* Assem Chelli
 *Mentor/s:* Hani Benhabiles / Abraham Aranguren
 *Brief Description:* A common complaint about OWASP OWTF so far has been
that the report is not very shiny. The intention here is to: Move as much
of the HTML away from python files into template files, apply some nice web
design to the report so that it is more nice and comfortable to work with,
and improve the interactive report load time.

 *OWASP OWTF - Unit Test Framework*
 *Student:* Alessandro Fanio González
 *Mentor/s:* Andrés Morales / Abraham Aranguren
 *Brief Description:* As OWASP OWTF grows it makes sense to build custom
unit tests to automatically re-test that existing functionality remains
intact. In this project we would like to create a unit testing framework so
that creating OWASP OWTF unit tests is as simple as possible. The goal of
this project is to create the Unit Test Framework and as many unit tests as
possible to verify OWASP OWTF functionality.

 *OWASP PHP Security Project*
 *Student:* Rahul Chaudhary
 *Mentor/s:* Azeddine Islam Mennouchi / Andrew van der Stock
 *Brief description:* To make some stand-alone libraries to strengthen
security in PHP and to alleviate some of the security risks as cited in the
OWASP Top 10 list. Then to extend the collection of these libraries into a
basic framework which would evolve in time.

 *OWASP ZAP - SAML 2.0 Support*
 *Student:* Pulasthi Mahawithana
 *Mentor/s:* Prasad Shenoy / Kevin Wall
 *Brief description:* This project will enhance ZAP's capabilities to be
able to detect and fuzz various elements and attributes of a SAML Assertion.

 *OWASP Hackademic: Plugin api and actions interface in challenges*
 *Student:* Daniel Kvist
 *Mentor/s:* Spyros Gasteratos / Kostas Papapanagiotou
 *Brief description:* This project aims to develop a plugin API for the
OWASP Hackademic Challenges CMS. The API will allow third party developers
to use Actions, Filters and Themes to customise the system.

 *OWASP ZAP - Exploring Advanced reporting using BIRT*
 *Student:* Rauf Butt
 *Mentor/s:* Johanna Curiel / Simon Bennetts
 *Brief description:* The proposed project is to explore the current
capabilities of ZAP reporting and enhance it with the help of BIRT
integration with ZAP. The proposed outcome will use the existing ZAP result
outputs and generate reports for the end-users to analyse the testing
results in a productive way.

 *OWASP ZAP - CMS Scanner*
 *Student:* Abdelhadi Azouni
 *Mentor/s:* Azeddine Islam Mennouchi / Simon Bennetts
 *Brief description:* The project is an implementation of a ZAP extension
to help in CMS scanning (WordPress, Joomla and Drupal as a first step).

 If your proposal was not chosen, we would like to thank you for your
participation. Please do not feel discouraged to participate in the OWASP
community regardless of GSoC as there are plenty of opportunities to apply
your knowledge.

 OWASP Social Media

   - LinkedIn <http://www.linkedin.com/groups/Global-OWASP-Foundation-36874>
   - Twitter <http://www.twitter.com/OWASP>
   - Google+ <https://plus.google.com/u/0/communities/105181517914716500346>
   - Facebook <http://www.facebook.com/pages/OWASP/104106462960656>
   - NING <http://myowasp.ning.com/>
   - StackOverflow <http://stackoverflow.com/search?tab=newest&q=owasp>


*OWASP AppSec Research Registration NOW OPEN*

Registration has just been opened!  Early Bird closes on July 1st, so hurry

*AppSec USA*

THE SCHEDULE <http://appsecusa.org/2013/schedule/>

OWASP Project Workshop <http://appsecusa.org/2013/activities/project-leader-workshop/>
Project Summit <http://appsecusa.org/2013/activities/owasp-project-summit/>
Career Fair <http://appsecusa.org/2013/activities/career-fair/>
3K run for Charity <http://appsecusa.org/2013/activities/3k-for-charity/>
Women in Security <http://appsecusa.org/2013/activities/owasp-women-in-application-security-appsec-program/>
Lockpick Village <http://appsecusa.org/2013/activities/lockpick-village/>

The OWASP Foundation has received two great proposals for AppSec USA 2014.
 We NEED your input!  The submissions are from the Denver, CO team and the
Omaha, NE team.  Both proposals are posted and your input is requested.  JOIN
THE DISCUSSION <https://www.google.com/moderator/#15/e=20c908&t=20c908.41&f=20c908.6c4a26>


(ISC)2 SecureRome 2013:  Security in the 21st Century - Threats and Trends
- July 9, 2013 <https://www.isc2.org/EventDetails.aspx?id=10500>
Synopsis: With an increasing dependence on the internet, understanding
current and potential future threats is crucial to security and business
management as threat development moves with technology development. To stay
ahead, we must understand the strategies of those who are driving the
threats while keeping an eye on the proliferation of cyber weaponry. Join
prominent industry experts at the SecureRome Conference to explore the
latest Emerging Threats & Trends to help us get ahead of the attackers. The
conference arms delegates with instincts for understanding how to
anticipate and pre-empt attack, assess the adequacy of defenses and
strategy behind them and clarify requirements for risk analysis. Network
with your peers and earn 8 CPEs.

 BlackHat 2013 <https://www.blackhat.com/us-13/> -
July 27-Aug 1, 2013 - $200 off discount promo code for OWASP members:
 Uurtcw00 (case sensitive)

ISSA International
October 9-10, 2013 - OWASP members can register and take advantage of
partner rate by using Discount code:  confOWASP62c

EC Council <http://www.eccouncil.org/> -
July 11-16, 2013 - OWASP members can register for $99 using discount

Cloud Security Alliance Congress
December 4-5, 2013 - OWASP members receive a 10% discount using
code:  CSA13/OWASP

(ISC)2 Security
Sept 24-27, 2013 - OWASP Members save 20% off conference registration
with the discount code:  OWASP



The OWASP EU Tour is well underway.  There are 15 confirmed locations, 5
training sessions, and more than 30 speakers traveling around raising
awareness about OWASP and application security in the European region.

Thank you to our Gold Sponsors:  7Safe and Cigital for supporting the tour.
 Thank you, also to all of the universities who have provided us with a
venue to host our events.

Of course, the biggest thank you is to Fabio Cerullo and all of the
European Chapter leaders who are making this event such a HUGE success!

To learn more about the Tour, its stops and how you can become a
sponsor, visit the Tour page on the OWASP


We are currently accepting applications for a Global Event Manager.
 Complete details can be found
 Applications are being accepted through Friday, June 21, 2013.

*We recognize Parasoft and Coverity, our newest corporate members!*

 *Thank you to Acunetix for renewing their corporate membership!*


Thank you to everyone who participated in the 2013 Q2 Membership Drive

 92 individuals became new members or renewed their memberships

 Click here to view the complete list of drawing

 Election:  The Call for candidates closes on August 16, 2013,
so be sure to submit your

 WASPY:  The call for Nominees closes on August 16, 2013.  To get
more information (including how to sponsor the awards), CLICK

*OWASP Initiatives can help you earn your CPEs!*

 Volunteering with an initiative or working on an OWASP Project can often
be counted towards CPEs for some organizations!  Be sure to check with your
professional organization for clarification!

 OWASP Global Webinar Series to begin next week!

 The OWASP Global Webinars will now become a platform to present some great
archived presentations and to run some live presentations as well.  These
webinars will - in most cases - provide CPE credit.

 Upcoming Webinars

 Wednesday, June 26, 2013
Mobile applications and Proxy Shenanigans - Dan Amodio and David Linder
(recorded AppSec USA 2012)

 10 am EDT - register: <https://www3.gotomeeting.com/register/484035510>
 9 pm EDT - register: <https://www3.gotomeeting.com/register/269081254>

 Wednesday, July 10, 2013
AppSec Training, Securing the SDLC, WebGoat.NET, and the Meaning of Life -
Jerry Hoff (recorded AppSec USA 2012)

 10 am EDT - register: <https://www3.gotomeeting.com/register/733584406>
 9 pm EDT - register: <https://www3.gotomeeting.com/register/978423854>

 Wednesday, July 24, 2013
Four Axes of Evil - HD Moore (recorded AppSec USA 2012)

 10 am EDT - register: <https://www3.gotomeeting.com/register/173154142>
 9 pm EDT - register: <https://www3.gotomeeting.com/register/298948942>

 *University Challenge at the AppSec EU in Hamburg:*

 OWASP AppSec Research 2013 announces the University Challenge!  The
University Challenge is a competition among teams comprised of university
students that will be held on August 20-21 during the training days of the
conference.  There is no admission fee for the University Challenge AND
participation in the conference is possible at the student rate - if
applicable.  During the University Challenge, teams will defend a vulnerable
web application while solving Capture the Flag type challenges.

 This year, the OWASP University Challenge will be limited to 8 teams.
 Teams will consist of 4-8 students with one team per university.  Team
openings are on a first come/first served basis.  If multiple teams are
received from the same university, the second team will be put on a wait
list.  All team members must be registered.  Registration for the
University Challenge event is free.  Food and beverages will be provided
during the challenge and all participants will get an OWASP University
Challenge t-shirt.  Of course, the first three winning teams will get some
awesome prizes (to be announced).

 *OWASP Village at OHM2013:*

 OWASP has a Village at OHM2013:
 About OHM2013:  OHM2013 - observe, hack, make.  A five day outdoor
international camping festival for hackers and makers, and those with an
inquisitive mind.  On 31 July 2013, 3000 of those minds will descend upon an
unassuming patch of land, at the Geestmerambacht festival grounds, 30KM north
of Amsterdam.


Best regards, OWASP

*German Alonso Suárez Guerrero*
*OWASP Bogotá Chapter Leader*