[Owasp-egypt] Fwd: OWASP Connector; December 2016

Mohamed Alfateh moh.fateh at gmail.com
Thu Dec 22 07:30:58 UTC 2016


---------- Forwarded message ----------
From: The OWASP Foundation <The_OWASP_Foundation at mail.vresp.com>
Date: Wed, Dec 21, 2016 at 10:10 PM
Subject: OWASP Connector; December 2016
To: moh.fateh at gmail.com


December 21, 2016 | www.owasp.org
| Contact Us
| Brought to you by the OWASP Foundation
*OWASP Communications*
2016 in Review; Looking Ahead

2016 has been a period of radical change for OWASP. Some of it was sudden
and devastating; other changes were the culmination of months of small
improvements. OWASP Foundation invites you to aid us in harnessing the
energy from these changes to foment a period of radical growth in 2017.

*The year in Review:*

   - This year we lost our Executive Director, Paul Ritchie.
   He brought order and professionalism to OWASP. He raised our own high
   expectations and delivered on the things he set out to do. He made all of
   us that worked closely with him better and more effective. He will be
   greatly missed.
   - AppSec Europe and AppSec USA were both successful, with AppSec USA in
   DC selling a record number of tickets.
   - Two successful Project Summits during AppSec EU and AppSec USA 2016
   that allowed approximately thirty Project Leaders to jump in with
   'hands-on' work on a variety of OWASP Projects.
   - Our experiments with hosting a Member’s Lounge at global AppSec events
   where you can charge your electronics, lounge in a quiet space with
   colleagues, and grab some swag and a snack have been wildly successful.
   - We are happy to have nearly doubled our Premier Corporate Membership.
   - We gained a significant number of chapters in Asia, Africa, and Latin
   - We hired our new Senior Technical Coordinator, Matt Tesauro, and
   Community Manager, Tiffany Long, to help drive our Projects and
   Community-based programs forward.
   - There are so many more achievements in 2016 and all can be found in
   back issues of our OWASP Connector newsletters.

*Looking Forward:*

   - The OWASP staff has developed a new communication strategy, the
   majority of which will be implemented in 2017.
   - The OWASP Website Reboot began with the evaluation by Sooryen in 2016
   and continues into 2017. You can see the plan here.
   - OWASP will implement our new association management system. This will
   integrate various back-end systems and lead to improved user experience for
   the OWASP global community.
   - We look forward to developing our volunteer program in 2017.
   - OWASP is choosing a strategic objective for 2017;
   you can help by discussing the current suggestions or contributing your

On behalf of the entire Operations team, we look forward to making 2017 an
exciting and productive year for OWASP.


Tiffany Long
OWASP Community Manager
Tiffany.Long at owasp.org

OWASP Operations Update

Starting in December 2016 and continuing throughout 2017, the staff are
going to post monthly updates on the OWASP Blog
so the community can keep up with what the OWASP Foundation is doing to
make OWASP just that much better. We’re also open to starting brief weekly
updates if the community wants to follow our direction more closely.

Read the December 2016 Operations Update here

OWASP in the NEWS!

What The Galactic Empire Could Learn from OWASP
– Stormpath, December 17, 2016

Privacy Commissioner, infosec boffins, call for reform of anti-hack Bill
– The Register, December 18, 2016

Protecting Yourself From Online Scammers
– Fox2Now, November 30, 2016

Application Security Conference: AppSec USA
– Resolute Technology Solutions, December 16, 2016

Security! experts! slam! Yahoo! management! for! using! old! Crypto!
– The Register, December 15, 2016

IT security skills dearth lifts SA's risk profile
– IT Web Access Control, December 12, 2016

Security Awareness Program 2017: How Hospital Leaders Can Handle
Cybersecurity Threats in the Coming Year
– Insights, December 10, 2016
*OWASP Projects*
Project Reviews

OWASP Project Inventory has 93 Projects (Code, Tools, or Documentation)
produced by the efforts of volunteers. Projects are divided into three
categories, Incubator, Lab and Flagship status. We currently have about 39
Projects in Flagship or Lab Status and the balance are in Incubator status.
The main purpose of project reviews is to provide an evaluation based on
defined criteria, which gives an incentive for and a measurement of a
project's maturity as it grows from Incubator to Flagship.

Project reviews may be requested by the Project Leaders or flagged during
each project's annual health check. The evaluation is based on defined
criteria which attempt to gauge the project's quality, health (activeness),
and stage within our incubator to lab to flagship continuum.

The review consists of an initial self-assessment done by the project
leader, which is peer reviewed by volunteers from OWASP. Next, OWASP staff
look over all the feedback on the project and ensure it meets the
requirements for graduation. Once a project is ready for graduation, all
the review feedback is presented to the community for any final comments or
+1’s. You can view the four most recent reviews and share your thoughts here

New Projects in 2016!

*OWASP Inventory added New Projects in 2016!*

   - OWASP Anti-Ransomware Guide Project
   - OWASP Mobile Security Testing Guide
   - OWASP Basic Expression Lexicon Variation Algorithms (Belva) Project
   - OWASP VBScan
   - OWASP AppSec Pipeline
   - OWASP Juice Shop Project
   - OWASP Bug Logging Tool
   - OWASP Secure Headers Project
   - OWASP Vicnum Project
ESAPI's New Project Leader

*OWASP Enterprise Security API
New Leader Matt Seil* — *By Kevin Wall*

It is with mixed emotions that I am making this announcement, that *Chris
Schmidt* is stepping down as long-time ESAPI co-leader and that *Matt Seil*
will be taking over that position and attempting to fill Chris' shoes. On
one hand, I'm saddened because Chris was such a great leader and
contributor for ESAPI.

Chris took over as co-leader sometime in May 2011, at the same time that I
did, when Jim Manico handed over the reins to us, but Chris' contributions to
ESAPI go back way before my involvement and his contributions are much
broader than mine. While I focused mostly on ESAPI's crypto and provided
some occasional general ESAPI bug zapping, Chris had his hands in almost
everything ESAPI (and I mean that in a good way). For instance, he
single-handedly created the ESAPI for JavaScript and the ESAPI Spring
Authenticator mini-projects. Chris also played the major role in the ESAPI
2.x's release management as well as creating the outline for the ESAPI 3.x
interfaces. His wisdom, insight, and broad experience will be sorely missed
by ESAPI. However, Chris should be admired in admitting that as of late,
because of job and personal obligations, he has lacked the "time to really
provide any value to the ESAPI team" and therefore is stepping down in the
best interest of ESAPI. I personally have enjoyed working with Chris for
these past 5.5 years and have learned a lot from him. I hope that he
periodically finds time to continue to contribute to ESAPI in whatever way

On the other hand, I am eagerly looking forward to working with Matt Seil
as the new ESAPI co-lead. Matt was a major contributor to bug fixes for the
ESAPI release last February. He and I worked well together and I
think he is highly respected in the OWASP community by those who know him.

Shortly after this New Years, Matt and I hope to get together and discuss
future plans for ESAPI, both short-term and long-term goals. Once we have
the initial groundwork for that recorded in electrons somewhere, we will
share them with the broader ESAPI community to get feedback and then revise
them as needed. (In the meantime, if you have some suggestions that you
would like us to potentially consider, please email them to Matt Seil and

In the meantime, I hope that along with me, you will extend your thanks and
appreciation to Chris for his labor of love on ESAPI and extend your
welcome to Matt as the new ESAPI project co-lead.

Thank you and Happy Holidays!
*OWASP Events*
AppSecEU 2017

The calls for presentations and training are now open for AppSecEU 2017,
which will take place in Belfast from May 8th to 12th 2017. OWASP's Global
AppSec events serve a diverse audience of security professionals at all
stages of their careers. We seek interesting perspectives and training to
drive visibility and evolution in the safety and security of the world’s
software. We have opportunities for multi-day trainings, talks, lightning
trainings, lightning talks, arsenal and activities.

Our topics of interest for talks include, but are not limited to the

   - Novel web vulnerabilities and countermeasures
   - New technologies, paradigms, tools
   - OWASP tools or projects in practice
   - Secure development: frameworks, best practices, secure coding,
   methods, processes, SDLC
   - Browser security
   - Mobile security and security for the mobile web
   - Cloud security
   - REST/SOAP security
   - Security of frameworks
   - Large-scale security assessments of web applications and services
   - Privacy risks in the web and the cloud
   - Management topics in Application Security: Business Risks, Awareness
   Programs, Project Management, Managing SDLC

OWASP Trainings should be practical in nature; hands-on classes will receive
stronger consideration. Topics of interest include but are not limited

   - Secure development: frameworks, best practices, secure coding,
   methods, processes, SDLC
   - Vulnerability analysis: code review, pentest, static analysis
   - Threat modelling
   - Mobile security
   - Cloud security
   - Browser security
   - HTML5 security
   - OWASP tools or projects in practice
   - New technologies, paradigms, tools
   - Privacy in web apps, Web services (REST, XML) and data storage
   - Operations and software security
   - Management topics in Application Security: Business Risks,
   Outsourcing/Offshoring, Awareness Programs, Project Management, Managing

While we understand that your submission might be a work in progress, we
strongly encourage that all submissions be as thorough as possible to allow
us to make the best decision. The program committee will review your
submission based on a descriptive abstract of your intended presentation.
Feel free to attach a preliminary version of your presentation if
available, or any other supporting materials. Please review your proposal
thoroughly as accepted abstracts and bios submitted will be published 1:1
on our site. If your presentation is accepted for inclusion in the
conference program, you are free to submit a white paper describing your
work, to be added to the website.

To ensure the best talks available are presented at AppSec Europe we are
incorporating blind reading as part of our process. This means that names
and job titles will be removed when the paper's abstract is being reviewed.
Submissions for training will not be read blind. All speakers will be given
access to speaker mentorship; we especially encourage first-time speakers
to take advantage of this service.

Marketing and sales pitches will not be accepted in the talks or trainings.

Submit a Presentation

   - Submission deadline: January 9th, 2017
   - Notification of acceptance: February 6th, 2017
   - Conference days: May 11th – 12th 2017

Submit a Training

   - Deadline for proposals: January 2, 2017
   - Notification to training providers: January 23, 2017
   - Training: May 8, 9, 10

Global AppSec Events

*AppSec Europe 2017*
May 8 - 12, 2017, Belfast, UK

   - Call for Papers ends January 9
   - Call for Trainings ends January 2
   - Call for Lightning Trainings
   - Call for Activities
   - Call for Arsenal

*AppSec USA 2017* September 19 - 22, 2017, Orlando, Florida, USA

Regional and Local Events

*AppSec Cali 2017*
January 23 - 25, 2017, Santa Monica, CA, USA

*AppSec Africa 2017*
February 1 - 2, 2017, Casablanca, Morocco

*SnowFROC 2017*
March 16, 2017, Denver, CO, USA

*Latam Tour 2017* April 3 - 28, 2017, South America

*OWASP Middle East Cyber Security Conference 2017*
May 3 - 4, 2017, Dubai, UAE

Training Events

*Boston Training*
January 25 - 27, 2017, Waltham, MA, USA

Partner and Promotional Events

*IoT Tech Expo Global 2017*
23-24, 2017   Olympia, London   *OWASP members save 20% by using discount
code: OWASP20*

*Cyber Resilience & InfoSec 2017*
February 6-7, 2017   Abu Dhabi, U.A.E.

*SC Congress London*
February 23, 2017   London, UK

April 4-6, 2017   Prague, Czech Republic

*QuBit Conference 2017*
April 4-6, 2017   Prague, Czech Republic   *OWASP members save 10% by
using discount code: QB17OWASP*

*Cyber Security North Africa Summit*
April 26-27, 2017   Cairo, Egypt

*SC Congress New York*
May 2, 2017   New York, NY

*Techno Security & Digital Forensics Conference*
June 4-7, 2017   Myrtle Beach, SC

*SC Congress Toronto*
June 13-14, 2017   Toronto, Canada
*OWASP Chapters*
Chapter Handbook Review

The Chapter Handbook goes under periodic review. This is your opportunity
to be heard at OWASP. Each chapter is listed in its own doc, please comment
to tell us where you think the handbook needs clarification, further
guidance, or updates. Please confine your activity to the comments and do
not directly edit the pages. Comments will remain open for one month.

Chapter One - Handbook Overview
Chapter Two - Mandatory Chapter Rules
Chapter Three - How to Start a Chapter
Chapter Four - Chapter Administration
Chapter Five - Governance
Chapter Six - Chapter Activity
Chapter Seven - Organizing Chapter Meetings

OWASP is Testing Meetup Pro

OWASP has been listening to you and we are proud to announce that we began
testing the new MeetUp Pro service this month.

MeetUp Pro will provide an umbrella under which the chapter groups would be
gathered. This means that all of our chapters would be uniformly branded
and advertised on our master homepage. From the chapters’ point of view,
the meetup would function the same as before with the only changes being
that the leaders are listed as “local leaders” and only the official OWASP
account would have the ability to start and eliminate chapters.

There are a lot of benefits for chapters in going Pro: not only will your
meetups be more searchable, but the cost of the service, currently borne
by your chapter budgets, will be absorbed by the foundation budget. A
significant “silent” benefit is that the API should allow us to mirror the
information on the MeetUp page on the Chapter wikis thereby eliminating a
large amount of work that we currently ask our leaders to do, but do not

After MeetUp Pro is out of Beta, all chapters will once again be required
to keep their wiki pages up to date. Our goal is to remove the onerous time
sink of doing this.

If you would like to see what the new Pro pages look like check out this
where the first 7 chapters have joined.

Request for Blog Content

OWASP would like to start spotlighting chapter activity on our blog. If
your chapter hosted and recorded an amazing talk that just NEEDS to be
shared, or perhaps you ran a great event and would like to help other
chapters follow suit, think about writing a blog post to be shared on the
OWASP Blog. Contact our community manager, Tiffany Long
<Tiffany.Long at owasp.org>, for more details.

*OWASP Membership*

We would like to thank the following companies for supporting the OWASP
Foundation. The companies listed below have contributed this month by
either renewing their existing Corporate Membership or joining OWASP as a
new Corporate Member. Details about Corporate Membership can be found here

*Premier Corporate Member*

Signal Sciences is the industry’s first Web Protection Platform using both
Next Generation WAF as well as RASP technologies. Signal Sciences WPP was
built in response to our own frustrations of trying to use legacy WAFs
while enabling business initiatives like DevOps, cloud adoption and CI/CD.
The Signal Sciences NGWAF works seamlessly across cloud, physical, and
containerized infrastructure, providing security without breaking
production traffic. To learn more, please visit

*Contributor Corporate Member*

Parasoft helps organizations perfect today’s highly connected applications
by automating time-consuming testing and analysis tasks while providing
management the analytics necessary to focus on what matters – eliminating
the deployment of security vulnerabilities that could lead to system
failure, data loss, and loss of life. Parasoft’s software security solution
analyzes code, generates and executes tests, and processes the data
collected throughout the SDLC to ensure compliance with security policy
across all layers of the software stack. In addition, Parasoft can analyze
and automatically prioritize defects that lead to security vulnerabilities
and kick-off security verification and remediation tasks across the team.
Learn more at www.parasoft.com/appsec

Want your name here? Find out how by visiting our Corporate Member
information page, or contact Kelly Santalucia <kelly.santalucia at owasp.org>
today! Thank you to all of our Premier and Contributor Corporate Members
for your support in 2016!