[OWASP-Columbia] Fwd: OWASP Foundation | February 2016 Connector

Frank Catucci frank.catucci at owasp.org
Thu Feb 25 18:24:31 UTC 2016



Begin forwarded message:

> From: "The OWASP Foundation" <The_OWASP_Foundation at mail.vresp.com>
> Date: February 25, 2016 at 1:18:29 PM EST
> To: frank.catucci at owasp.org
> Subject: OWASP Foundation | February 2016 Connector
> Reply-To: "The OWASP Foundation" <reply-243e672b0e-d1c8dfd3bd-31de at u.cts.vresp.com>
> 
> 
>        	       	       
> 
> February 25, 2016 | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
> 
>            
> ZAP Tops Toolswatch 2015 Survey!
> 
> OWASP Outreach - Surf to Snow in January
> 
> OWASP in the News
> 
> OWASP Podcasts
> 
>               
> New Project Releases
> 
> ZAP User Survey
> 
>              
> Global AppSec Events
> 
> Local and Regional Events
> 
> Partner and Promotional Events
> 
>              
> New OWASP Chapters
> 
> Chapter Restarts
> 
> Chapter Transitions
> 
> New Student Chapters
> 
> Chapter Activities
> 
>                  
> New Contributing Corporate Members
> 
> Renewing Premier Corporate Members
> 
> Renewing Contributing Corporate Members
> 
>              
> OWASP Foundation Social Media
> 
> 
> OWASP Communications
> ZAP Tops Toolswatch 2015 Survey!
> 
> The Toolswatch 2015 Surveyresults are in:
> 
> ZAP is #1
> OWTF is #10
> 
> The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
> 
> OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.
> 
> Download these tools at:
> 
> ZAP: https://www.owasp.org/index.php/ZAP
> OWTF: https://www.owasp.org/index.php/OWASP_OWTF
> 
> Thank you to everyone who voted for OWASP tools! And congratulations to our ZAP and OWFT project teams.
> 
> Surf to Snow in January!
> 
> #2 of our 2016 Strategic Goals is to become more involved in the Developer community. We are pleased to report tremendous turnout for our recent outreach events, Codemash in chilly Ohio and AppSec California in sunny Santa Monica.
> 
> CodeMash is a unique event that seeks to educate developers on current practices, methodologies, and technology trends in a variety of platforms and development languages such as Java, .NET, Ruby, Python and PHP.
> 
> A breakdown of this tremendous event:
> 
> 
> 2500 attendees
> 1000 kids
> 202 speakers
> 84 staff
> 280 sessions
> Sessions included 40 hours of security content, with 2 days of training by Jim Manico and Bill Sempf.
> 
> OWASP Foundation participated as a Gold level sponsor. Bill Sempf, the project leader of the OWASP .NET Project and chapter leader for OWASP Columbus, served on the Session Committee helping to review over 1000 submissions. We have been proud to partner with Codemash over the past two years and are seeking similar opportunities worldwide.
> 
> AppSec California is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies. The third annual event taking place last month fulfilled all expectations bridging the local application security and developer communities for a beautiful weekend on the California coast.
> 
> Tell Us About Your Favorite Developer Events!
> 
> We are looking for developer events to attend. Please Rate the top Developer Conferences where you would like to see OWASP participate. The survey will be open until EOD Feb, 29, 2016.
> 
> Be sure to register for our upcoming events, such as Blackhat Asia 2016 on March 31 - April 1, 2016 at Marina Bay Sands, Singapore and invite your colleagues.
> 
> OWASP in the NEWS!
> 
> Match.com Learns that Encryption Alone Isn't Enough - ComputerWorld 2/19/2016
> 
> Severe Glibc Flaw Puts Every Linux Machine in Danger - CIO Today 2/17/2016
> 
> OWASP In Depth: An Interveiw with Jim Manico - SysCon Media 2/9/2016
> 
> OWASP Podcasts
> 
> OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.
> 
> OWASP Top 10 Proactive Controls Project with Jim Manico and Katy Anton
> 
> The OWASP WebGoat Project, version 7.0, with Bruce Mayhew
> 
> What's in Store for the OWASP 24/7 Podcast Series in 2016
> 
> 
> OWASP Projects
> 
> New Project Releases
> 
> WebGoat V.7
> 
> Webgoat v.7 released. Listen to our podcast as Bruce Mayhew explains the new version. The WebGoat Project started 10 years ago and has had over 1,000,000 downloads. Version 7.0 is being released this week. Matt Miller caught with Bruce Mayhew, project lead, to talk about the history of the project, what has been updated in version 7, and what he foresees as the future of this project. Project Page: http://www.owasp.org/index.php/CategorY:OWASP_WebGoat_Project.
> 
> OWASP ZSC Project
> 
> OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. Shellcodes are small codes in assembly which could be use as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc. Obfuscate codes can be use for bypassing antiviruses, code protections, same stuff, etc. This software can be run on Windows/Linux/OSX under python.
> 
> Why use OWASP ZSC?
> According to other shellcode generators such as metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shellcodes with random encodes that lets you to get thousands of new dynamic shellcodes with the same job in just a second, it means you will not get a same code if you use random encodes with same commands, and that makes OWASP ZSC one of the bests! otherwise it's going to generate shellcodes for other operation systems in the next versions. It’s the same story for the code obfuscation.
> 
> Learn more at" https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project.
> 
> ESAPI
> 
> ESAPI project co-leader, Kevin Wall announced his team has just tagged (and signed) a new ESAPI release. The tag name is esapi-2.1.0.1. There are 36 GitHub issues that were closed. You can find full details at: https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/esapi4java-core-2.1.0.1-release-notes.txt. Note that there are also some important changes made to the GitHub repo itself. Specifically, we have chosen to adopt a git workflow based on this blog: http://nvie.com/posts/a-successful-git-branching-model/, where all the new development work will be done on the 'develop' branch and the 'master' branch will henceforth reflect the latest official ESAPI release.
> 
> ZAP User Survey
> 
> Please help us to make @owasp ZAP even better for you by answering the ZAP User Questionnaire.
> 
> 
> OWASP Events
> 
> 
> Global AppSec Events
> 
> AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy. Call for Lightning Trainings closes April 30. Call for Activities closes April 30.
> 
> AppSec USA 2016, 11 October - 14 October 2016, Washington, DC
> 
> Regional and Local Events
> 
> Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America
> 
> AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China
> 
> Partner and Promotional Events
> 
> ONE2ONE SUMMIT, February 27 - February, 29, 2016, Parc 55 San Francisco, CA
> 
> CISO Middle East Summit & Roundtable, February 29 - March 3, 2016, Habtoor Grand Hotel Dubai, The UAE. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
> 
> Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore, OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316
> 
> Connected Security Expo, April 6 - April 8, 2016, Sands Expo Las Vegas, NV
> 
> QuBit Conference, April 12 - April 14, 2016, Grandior Hotel Prague. OWASP members can save 10% by using their OWASP email address and discount code: OWASP*2016
> 
> 13th Annual CISO Europe Summit & Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016
> 
> ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA
> 
> Hack in the Box: May 26-27, 2016, Amsterdam, The Netherlands
> 
> SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN. Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350 Use the discount code - OWASPMEM
> 
> Techno Security & Forensics Investigations Conference / Mobile Forensics World: June 5 - June 8, 2016, Myrtle Beach, SC, OWASP Members save 30% by using your @owasp email address and discount code: OWASP16
> 
> ICCS 2016: July 25 - July 28, 2016, Fordham University at Lincoln Center, New York, NY
> 
> Black Hat USA 2016: July 30 - August 4, 2016, Las Vegas, NV
> 
> BSides Las Vegas: August 2 - August 3, 2016, Las Vegas, NV
> 
> ONE2ONE SUMMIT: September 14 - September 16, 2016, Boca Beach Club, Boca Raton, FL
> 
> (ISC)2 Security Congress EMEA 2016: October 18-19, 2016, Croke Park Stadium Dublin, Ireland
> 
> Ads are not endorsements and reflect the messages of the advertiser only.They represent co-marketing arrangements
> with other organizations in support of the OWASP Community.   CLICK HERE for more information on advertising.
> 	
> 
> 
> OWASP Chapters
> New Chapters
> 
> Fukushima, Japan: Masato Kaneko (masato.kaneko at owasp.org), leader https://www.owasp.org/index.php/Fukushima
> Chapter Restarts
> 
> Bototá, Colombia: Giovanni Cruz Forero (giovanni.cruz at owasp.org) leader
> https://www.owasp.org/index.php/Bogota
>  
> Iran: Ali Razmjoo (ali.razmjoo at owasp.org) and Reza Espargham (reza.espargham at owasp.org), leaders
> https://www.owasp.org/index.php/Iran
> Note: due to the US Embargo in Iran, this chapter is ineligible for funding from the Global Foundation.
> Transitions
> 
> Dallas: New Chapter leader Denis Sheridan (Denis.sheridan at owasp.org) joins board members Matthew Parsons (matt.parsons at owasp.org and Steve Horstman (steve.horstman at owasp.org)
> https://www.owasp.org/index.php/Dallas
>  
> Gothenburg: Mikael Falkvidd (mikael.falkvidd at owasp.org) and Viktor Hedberg (victor.hedberg at owasp.org) will join Jonas Magazinius as chapter leaders. Many thanks to Mattias Jidhage and Ulf Larson who are stepping down. https://www.owasp.org/index.php/Gothenburg
>  
> Lucknow, India: Deep Yadav (deep.yadav at owasp.org) joins Nitin Pandey as chapter leader
> https://www.owasp.org/index.php/Lucknow
>  
> Sendai, Japan: Jun Sato (jun.sato at owasp.org) joins Takaharu Ogasa as chapter leader
> https://www.owasp.org/index.php/Sendai
>  
> New Student Chapter
> 
> Learn more about our Student Chapters and Academic Supporter programs.
> Notable Chapter Activity
> 
> OWASP New Zealand and the University of Aukland presented its seventh annual OWASP New Zealand Day on February 4. The OWASP New Zealand Day conference is a free, one-day event dedicated to application security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications. The conference was preceded by a training event on February 3. Slide decks are posted to the 2016 OWASP New Zealand Day website.
> 
> Who attended?
> 
> 
> Web Developers: The morning sessions introduced attendees to application security. Afternoon sessions took a deeper dive into technical topics, building on the morning sessions.
> Management: After an introduction to web application security, one of the afternoon streams focused on informational and defensive topics.
> Security Professionals and Enthusiasts: Technical sessions later in the day showcased new and interesting attack and defense topics.
>  
> 
> A Cozy Evening at Snow FROC 2016
> 
> Snow FROC 2016, took place this past week on February 18 in Denver, Colorado. The OWASP Colorado chapters hosted 200 developers, business owners, and security professionals for a day of presentations, training, and bonding. Jeremiah Grossman, Founder of WhiteHat Security, gave the keynote address, followed by a 2-track session and a parallel hands-on course.
> 
>  
> Lunch and Learn with OWASP NYC/NJ
> 
> The OWASP NYC chapter has begun a series of virtual lunch and learn sessions about projects. The first call on February 23 featured the OWASP Benchmark project with Dave Wichers. Next month they will feature ASVS with Jim Manico. Full details for the 2016 program is available online at: http://www.meetup.com/metrocsc/. Raising appsec visibility one meeting at a time locally and globally, join us!
> 
> Share Your Stories!
> 
> We at the OWASP Global Foundation are looking forward to hearing about more such events in future. Share your chapter's successes! Submit your stories to support at owasp.org
> 
> OWASP Membership is a great way to contribute to our local chapters and projects. A portion of your membership can be allocated to teh chapter and/or project of your choice. Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!
> 
> 
> OWASP Membership
> New Contributing Corporate Members
> 
> Onward Security Corporation
> Renewed Corporate Members (Premier Level)
> 
> Adobe
> Contrast Security
> Renewed Corporate Members (Contributor Level)
> 
> Aspect Security
> CA Technology
> NetSPI
> Oneconsult AG
> WhiteHat Security
> Your name here? Find out how by visiting our Corporate Supporters information page.
> 
> Thanks to all of our Premier and Contributing Corporate Members for your support in 2015!
> 
> 
> OWASP Social Media
> OWASP Social Media Site
> 
> OWASP YouTube Channel
> LinkedIn
> Twitter
> Google +
> Facebook
> Ning
> StackOverflow
> GitHub
> Trello
> Slack
> 
> 
> Click to view this email in a browser 
> 
> If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
> The OWASP Foundation
> 1200-C Agora Drive
> #232
> Bel Air, Maryland 21014
> US
>            
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-columbia/attachments/20160225/e757a0d3/attachment-0001.html>


More information about the OWASP-Columbia mailing list