[OWASP-Columbia] OWASP Connector December 2017

Frank Catucci frank.catucci at owasp.org
Tue Dec 26 22:40:25 UTC 2017


> 
>      
> 	
> FOLLOW US
> 
>            
> 
>   COMMUNICATIONS |  PROJECTS |  EVENTS |  CHAPTERS |  MEMBERSHIP  	
> 
> Tues, Dec 26, 2017		
> OWASP CONNECTOR
>  	
> 
> Important News about AppSec Europe
> Dear OWASP Community Member,
> 
> After careful consideration and discussions with the local chapters, the Global Board of Directors for the OWASP Foundation unanimously voted to support and empower the Executive Director to research and select an alternative location for AppSec Europe. Keeping the OWASP community’s best interest in mind it was decided to move AppSec Europe from Tel Aviv, Israel to the United Kingdom (UK). The two days of OWASP training will take place on 5 & 6 June, with the conference program taking place on on 7 & 8 June 2018. The location will be determined sometime this week as the staff and the UK chapter review options in and around London.
> 
> In the spirit of openness and transparency, we believe it is important that we share the steps and serious discussions that were in involved in reaching this vital and difficult decision to move AppSec Europe from Tel Aviv to the UK. Two weeks ago, during the Board of Directors meeting various challenges / concerns with hosting an event in Israel were revisited. The primary focus of the discussion was that original estimates of attendance from the international community, participation from the regional community, and the level of expected sponsorships were not firm enough to meet OWASP's current needs. The original bid expected that based on AppSec IL's phenomenal numbers, OWASP would be able to depend on local ticket sales to outpace those of previous events. The local team has informed OWASP that a combination of economic challenges locally and competing free events taking place during the same week make this unlikely. With this knowledge, OWASP believes that these challenges present too significant a risk to AppSec Europe. As a result, the Board of Directors unanimously voted to reconsider the location plan for AppSec Europe and considered  that in the best interest of the global OWASP community to move AppSec Europe to a more centralized location with greater accessibility to international and European OWASP communities.
> 
> We are of course very thankful for the support of the Israeli chapter and are indebted to their dedication to OWASP and the planning they have contributed while working on AppSec Europe. However, with challenges from events held last year; financial and otherwise, as well as the knowledge and wish for OWASP to grow the AppSec Europe conference program and to ensure strong attendance and financial success for the conference, the decision to host AppSec Europe in Israel needed be reviewed and modified.
> 
> In the process of making this unprecedented decision it was also revealed that the site selection criteria and procedures for selecting and managing AppSec events should be reevaluated and updated to meet the needs of the training and the entire conference program while also creating a new conference model that continues to expand and meet the needs of the OWASP community. Looking ahead OWASP will be sharing with you a revised process for evaluating locations, ensuring that the internal staff and the volunteer / community support is available and able to facilitate and host a training and conference program of this magnitude.
> 
> OWASP kindly asks for your understanding and support with this decision to move AppSec Europe to the  United Kingdom. We are working with the local UK chapters to ensure that the program, content and overall conference meets with your needs and expectations for AppSec Europe. More information on the development of the program will be forthcoming.
> 
> If you are interested in presenting at this event, please visit theCall for Presentation to submit a proposal. If you would like to lead a training program, please visit the Call for Training to provide OWASP with the necessary information to offer the very best educational content.
> 
> For more information on the overall conference, follow us on Twitter @AppSecEu and Facebook to see the development of the conference.
> 
> We look forward to seeing you at AppSec Europe 2018.  If there are any questions you may have regarding the decision and or OWASP please feel free to contact Karen Staley, Executive Director, OWASP at Karen.Staley at owasp.org.
> 
> Sincerely,
> 
> The OWASP Team
> 
>  
>  	
> 
> Project Releases
> Tool Projects:
> 
> OWASP Zed Attack Proxy
> 
> Release ZAP 2.7.0
> 
> For details of whats included see the release notes:https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_7_0
> 
> OWASP JuiceShop Project
> 
> Release v6.0.0
> 
> The TL;DR summary:
> 
> 2 new JWT challenges
> 
> 1 new A10-challenge
> 
> Major backend refactorings
> 
> even smaller Docker image
> 
> even better customization support
> 
> bugs--, i18n++, other stuff++
> 
> Get the latest version by simply updating your Git repo, Docker container or Heroku instance! Or download the newest pre-packaged archives from:
> 
> OWASP OWTF
> 
> Release MacinOWTF
> 
> OWASP Dependency Check
> 
> Release v3.0.2
> 
> OWASP Security Shepherd
> 
> Release 3.0
> 
> Documentation Projects
> 
> OWASP Top Ten Project
> 
> Release 2017-RC2
> 
> Lab Projects
> 
> Tool Projects
> 
> O-Saft
> 
> Release Version 17.09.17]
> 
> OWASP DefectDojo Project
> 
> Release version 1.2
> 
> New OWASP Projects:
> 
> OWASP Risk Rating Management
> 
> OWASP DevSlop Project
> 
> OWASP SecurityRAT Project
> 
> OWASP Cyber Defense Matrix
> 
> OWASP Top 5 Machine Learning Risks
> 
> OWASP Security Operations Center SOC Framework Project
> 
> OWASP to Apply to GSOC 2018!
> OWASP is once again applying to Google Summer of Code.  This is an excellent opportunity for your Project to groom new highly active volunteers or to build specific features.  We are accepting proposals and volunteers.  Read more about how this can benifit your Project or Chapter and how you can participate on the OWASP Blog!
> 
>  	
> 
> AppSec California Registration is OPEN!
> 
>  
> 
> Don't miss the best conference you will attend, right on the beach. AppSec California takes place Jan 28-31 in Santa Monica, Ca. The first two days are some great one and two-day training classes, followed by our Keynotes and speakers on days three and four. You can attend just the conference, just take training, or get the whole package for three or four days.
> Are you a developer, security pro, QA or pen tester and want to network with your peers and see some talks on cutting edge stuff, come hang with us along the shores of the Pacific Ocean.
> Upcoming Events
> AppSec Europe 2018 — June 5-8, 2018; UK
> AppSec USA 2017 — Fall 2918; San Jose, CA, USA
> Regional and Local Events
> OWASP AppSec California 2018 — January 28-31, 2087; Santa Monica, CA, USA
> OWASP New Zealand Day 2018 — February 4-5, 2018; Auckland University, New Zealand
> SnowFROC2018— March 8, 2018; Denver, CO, USA
> OWASP AppSec Africa 2018 — May 3-5, 2018; Morocco
> SuperSec — MAy 11, 2018; Spain
> LASCON 2018 — October 23–26, 2018; Austin, TX, USA
>  
> Partner and Promotional Events
> ICCS 20180— Jan 8–11, 2018; New York City, NY, USA 
> DevSecCon Singapore — February 22–23, 2018; Singapore
> InfoSec World Conference & Expo 2018 — March 19–21, 2018; Lake Buena Vista, Florida, USA (OWASP members save 15% by using discount code: OS18-OWASP)
> CyberCentral — April 11-13, 2018; Prauge, Czech Republic
> InfoSecurity Europe— June 5-7; London, UK
> Hack in Paris— June 25-29, 2018; Paris, France
> 
> 
> Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements with other organizations in
> support of the OWASP Community.  CLICK HERE for more information on Advertising.
>   	
> 
> Your MeetUp Account Can Now Automatically Update your Wiki Page! 
> 
>  
> 
> We are thrilled to announce that we now hace a Media Wiki extension which will mirror your MeetUp events from MeetUp Pro to your Chpater Wiki Page.
> 
> I wish to give my deepest thanks to Geoff Baskwill who wrote the extension.  You can read more on GitHub.  
> 
>   	
> 
> September- December 2017 Corporate Members
> 
> 
> We would like to thank the following companies for supporting the OWASP Foundation.  
> The companies listed below have contributed over the past couple months by either renewing their existing 
> Corporate Membership or joining OWASP as a new Corporate Member.  
>  
> Details about Corporate Membership can be found here.
>  
>  
> Premier Corporate Members
>  
> 
>  
> Netsparker develops an industry leading automated web application security scanner. Available as Windows desktop software and as a Cloud service, the Netsparker scanner is very easy to use and its proof-based vulnerability scanning technology enables you to easily and automatically detect SQL Injection, Cross-site scripting and other vulnerabilities in your websites, web applications and web services. Netsparker’s unique scanning, detection and auto exploitation techniques allow it to be dead accurate. Therefore you do not have to waste time manually verifying the scanner’s findings and instead can focus on fixing the identified vulnerabilities. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank. To learn more, please visit: https://www.netsparker.com/
>  
> 
>  
> Since 2002, organizations have relied on Security Innovation for their unique software and application security expertise to help secure and protect sensitive data in the most challenging environments - automobiles, desktops, web applications, mobile devices and in the cloud. Recognized as a Leader in the Gartner Magic Quadrant for Security Awareness for the third year in a row, Security Innovation is dedicated to making the world (and your organization) a safer place, one employee and one application at a time. Security Innovation is privately held and headquartered in Wilmington, MA USA. For more information, visit www.securityinnovation.com.
>  
>  
> 
> Signal Sciences is the industry’s first Web Protection Platform using both Next Generation WAF as well as RASP technologies. Signal Sciences WPP was built in response to our own frustrations of trying to use legacy WAFs while enabling business initiatives like DevOps, cloud adoption and CI/CD. The Signal Sciences NGWAF works seamlessly across cloud, physical, and containerized infrastructure, providing security without breaking production traffic. Please visit http://www.signalsciences.com/ for more information.
> Contributor Corporate Members
> 
>  
> Acunetix’s team of experienced engineers developed a lead in website, web application, and Internet-facing server analysis and vulnerability detection. Available both on-premise and online, Acunetix uses deep crawling techniques to detect exploitable vulnerabilities such as SQL injection, and all forms of Cross-Site scripting – while providing concise vulnerability reports and information on how to fix them allowing you to protect your business against impending hacker attacks. Acunetix customers include Cisco, NASA, American Express, Sony, HSBC, The Pentagon, Skype, and many more. You can find us online at www.acunetix.com.
> 
>  
> 
>  
> Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. Amongst the company's 1,000 customers are 5 of the world's top 10 software vendors and many Fortune 500 and government organizations. Checkmarx CxSAST is a highly accurate and flexible Source Code Analysis product that allows organizations to automatically scan un-compiled/un-built code and identify hundreds of security vulnerabilities in the most prevalent coding languages. Learn more at www.checkmarx.com.
> 
> 
>  
> Distil Networks, the global leader in bot detection and mitigation, is the only easy and accurate way to protect web applications from bad bots, API abuse, and fraud. With Distil, you automatically block 99.9% of malicious traffic without impacting legitimate users. Distil Web Security defends websites against web scraping, brute force attacks, competitive data mining, account takeovers, online fraud, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Distil API Security protects all types of APIs including those serving web browsers, mobile applications, and Internet of Things (IoT) connected devices. Distil API Security defends APIs against developer errors, integration bugs, automated scraping, and web and mobile hijacking. For more information on Distil Networks, visit us at http://www.distilnetworks.comor follow @DISTIL on Twitter.
> 
>  
> 
>  
> At GoSecure, our reason for being is to protect your IT assets and allow you to focus on business. As a cybersecurity services provider, our offering is focused on increased security operations ROI, cutting-edge security testing for IT and facilitating integrated security in new or existing software and hardware systems. Strengthened by over a decade of experience dedicated exclusively to cybersecurity, our team has had to deal with a wide gamut of security breaches and threats and stands today as a group of leaders in technologically complex security mandates in the industry. We continue to invest in advanced security research with our private and public partners. For us, security only makes sense when it serves the best interest of your organization and helps you reach your goals. You can count on us as your long-term partner in assessing and developing all the elements of your technical security for current and future threats. Our clients recognize us as the partner of choice for operationalization of their security strategy as we excel at making security work “where the rubber meets the road”. We offer a full range of managed security services from our two security operations centers. For more information, visit http://www.gosecure.ca/
>  
> 
>  
> Please visit https://www.immun.io/ for more information
> 
>  
> For more information, please visit: https://www.ipswitch.com/
> 
>  
> Johnson Controls is a global diversified technology and industrial leader serving customers in more than 150 countries. Our 130,000 employees create quality products, services and solutions to optimize energy and operational efficiencies of buildings; lead-acid automotive batteries and advanced batteries for hybrid and electric vehicles; and seating components and systems for automobiles. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. Through our growth strategies and by increasing market share we are committed to delivering value to shareholders and making our customers successful. In 2015, Corporate Responsibility Magazine recognized Johnson Controls as the #14 company in its annual “100 Best Corporate Citizens” list.” Please visit   http://www.johnsoncontrols.com/content/us/en/products/building_efficiency/product-security.html
> 
> To learn more, please visit: https://www.nowsecure.com/
> 
>  
> Security Compass focuses on helping you deliver secure software through deliberate practice while maintaining the speed of your business. Our goal is to help you build secure software by seamlessly unifying your application security needs through eLearning, Security Requirements and Verification. Visit http://www.securitycompass.com/ to learn more!
>  
> For more information visit: https://www.synack.com/
> 
>  
> To learn more, please visit: https://www.ups.com/us/en/Home.page
> 
>  
> WhiteSource helps software security teams manage open source components used in their products, automatically and continuously. It becomes part of your SDLC and automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. To learn more, please visit: https://www.whitesourcesoftware.com/
> 
> Want your company name here? 
> 
> Find out how by visiting our Corporate Member page, or contact Kelly Santalucia, our Membership & Business Liaison today!
> 
> Thank you to all of our Premier and Contributor Corporate Members for your support!
> 
>  
> The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014, USA
> 
> 
> 
> Click to view this email in a browser 
> 
> If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
> The OWASP Foundation
> 1200-C Agora Drive
> #232
> Bel Air, Maryland 21014
> US
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-columbia/attachments/20171226/ff6f3ba7/attachment-0001.html>


More information about the OWASP-Columbia mailing list