[Owasp-egypt] Fwd: OWASP Connector August 2017

Mohamed Alfateh moh.fateh at gmail.com
Tue Aug 29 11:50:29 UTC 2017

---------- Forwarded message ----------
From: The OWASP Foundation <The_OWASP_Foundation at mail.vresp.com>
Date: Tue, Aug 29, 2017 at 8:52 AM
Subject: OWASP Connector August 2017
To: moh.fateh at gmail.com

[image: OWASP Connector]



*Mon, August 28, 2017*
[image: Communications]
Operations Update

The August Operations Update
includes vital information about OWASP's infrastructure initiatives,
project activity, and Chapters. Read it for an overview of what is
happening in OWASP.

Improved Reimbursements System on Horizon for OWASP

OWASP’s growth over the past decade has been phenomenal! We have grown
from an idea to over 40,000 participating members, 2,000 paid or honorary
members, and a staff of 6. As an organization we have prioritized support
for volunteer-led priorities and experimentation in our dynamic community.
This means that staff has created a lattice of support procedures for
small, experimental activities that rapidly became a mainstay of OWASP. As
our needs or size changed, these procedures either remained the same or
underwent repeated limited revision.

Some of these processes were perfect for OWASP 5 or even 2 years ago, but
now need to be made more robust to support their exponentially larger
loads. During 2017 and 2018 the staff will be focusing on improving these
basic processes to increase speed, transparency and ease for our volunteers.

One example of this is the OWASP reimbursement system. Currently all
reimbursements go through tata forms into a black hole until paid. The only
way for a submitter to check on the progress of their reimbursement is by
repeatedly emailing a staff member. Furthermore, in many cases that staff
member must repeatedly email accounting to get an update as well. Worse,
previous workflows were not identical across all OWASP activities. All of
this led to confusion and inefficiency.

The OWASP Staff has created a new reimbursement system that will utilize
Jira to make sure that all reimbursements go through the appropriate
workflow and that the submitter can see where their reimbursement is in the
process at any time. All reimbursement communications will be in the same
place to facilitate swift repayment. This reimbursement system will be
launched in the coming month and there are no changes to the current
funding rules. You can read more
about how it will work complete with examples on the OWASP Wiki.

2017 Global Board of Directors Election

The OWASP Board of Directors are seven hardworking volunteers elected to
direct the financial and outreach goals of the organization. As a group the
board members self organize into positions and guide the organization by
defining our strategic goals. You can follow the election on the Board of
Directors Election
wiki page.

This year we have seven candidates running for the four open board
positions. You can click on their names to read their bios and statements
of purpose:

Greg Anderson

Sherif Mansour

Additionally, during this time we request that our members submit questions
to be asked of our candidates for the board during an interview that will
be recorded and shared prior to the election. The following are the winning
questions from our community.

1. How do you make sure that the board's decisions won't be influenced by
any personal favors or corruption?

2. OWASP does not have a great reputation internationally due to what most
people call "Politics", how do you intend to solve the "Politics" problem?

3. How do you intend to address bullying within OWASP? If someone is a
repeat offender, will you enforce rules to expel or suspend offending

4. How do you intend to empower the Compliance Committee? Currently all it
has the power to do is mediate or make suggestions, it needs more than that.

5. What accomplishments related to OWASP Foundation's mission have you
demonstrated in the last (5) years?

6. What kind of action plan do you have in mind to help motivate the
participation of Developers into OWASP community?

7. What is your strategy to keep chapters active and motivated with OWASP
and keep having meetings and organize local events?

*Don’t forget* that you must be a member by September 30th to vote for the
OWASP Board of Directors. Get your Membership Today

OWASP Volunteer Platform

We are ready to begin the design stage for building the OWASP Volunteer
Platform and we need your help! The first step of the design phase is a set
of surveys. OWASP Leaders will receive a survey to explore your needs as
volunteer managers via email. The survey will be active until September 22,
2017. The wider OWASP community will be encouraged to follow a link to the
Volunteer Portal Survey for Community Members which explores the needs of
prospective volunteers in a volunteer management platform. You do not need
to be a paid member of OWASP to take the survey. If you are both a Leader
who manages volunteers and a volunteer elsewhere in OWASP you are
encouraged to take both surveys.

Your input is invaluable and we thank you for your time.


(estimated time to take: 4 min.)

OWASP in the News

   - ZAP Browser Launch
   Blog; August 22, 2017
   - Forum Systems Lauds Recognition of API Security in OWASP Top 10
   Security; August 21, 2017

[image: Projects]
OWASP Top 10 2017 Project Update

The OWASP Top 10 is the most heavily referenced, most heavily used, and
most heavily downloaded document at OWASP. Therefore, it rightfully has a
greater level of scrutiny and a greater level of review as befitting a
Flagship project.

Under new leadership, the project has issued a second call for data and survey
which will end on September 18th. You can read more about it on the Top 10
Blog post
at the OWASP Blog.

OWASP Project Reviews @ APPSEC USA 2017

Once more OWASP is reviewing projects that wish to graduate from Incubator
to Lab to Flagship at this workshop. We are also performing some more
detailed health checks. The purpose of these assessments is to determine
whether a project meets the minimum criteria to graduate as outlined
in the Project Health Assessment Criteria Document.

The review process begins with an initial self-assessment done by the
project leader and reviewed by Matt Tesauro. Next, the assessment enters
the peer review phase where we ask volunteers in our OWASP Community to
participate and finalize the results. Here's a Sample of a Project
to give you an idea what these look like.

We are still looking for more volunteers to help in this mission. Sign Up!

*OWASP Project Reviews @ APPSEC USA 2017
<https://www.owasp.org/index.php/OWASP_Project_Reviews_2017> - Funding
Incentive is Available!*

Please contact Claudia Aviles Casanovas and Matt Tesauro with any questions.

[image: Events]
Utilizing DevSecOps to Its Fullest Potential at AppSec USA

DevSecOps will be one of the most discussed topics at this year’s AppSec
conference for obvious reasons. It’s one of the fundamental building blocks
of security, development, and organizational growth. We’ll have plenty of
DevSecOps talks and workshops to keep you busy, but here are a few of this
year’s highlights:

*Overcoming Mobile App Security Challenges with DevOps (Thursday, 9/21 @
11:30am):* Solution Engineer for NowSecure, Brian Lawrence examines some of
the most common reasons companies struggle without consistent DevOps
programs. He’ll look at challenges such as technology fragmentation, how
mobile apps expose enterprise architecture, the unending updates cycle, and
more before framing some successful DevSecOps processes to mitigate these

*Making Vulnerability Management Less Painful with OWASP DefectDojo
(Thursday, 9/21 @ 1:30pm):* Let Greg Anderson, Senior Security Engineer for
Pearson, take some of the pain and tedium out of vulnerability management
by introducing you to DefectDojo. He’ll demo this enterprise-level tool’s
ability to automate, report, scan, and service vulnerabilities to make
your - and your engineers’ - lives easier.

*WAFs FTW! A Modern DevOps Approach to Security Testing Your WAF (Thursday,
9/21 @ 3:30pm):* In this lecture Zack Allen, Threat Operations Manager at
ZeroFox, examines a framework to test arbitrary Web Application Firewall
implementations and explores rapid prototyping of attack payloads without
relying on developer support to verify WAF defenses and make this tool more
valuable than ever.

*Core Rule Set for the Masses (Friday, 9/22 @ 11:30pm):* Although
ModSecurity - OWASP’s very own web application firewall - is widely
considered an exceptional security tool, maintaining and managing the
system can be tedious, time consuming and difficult. OWASP volunteer Tin
Zaw and Robert Whitely, Security Solutions Architect for Verizon Digital
Media Services, work together to share some benefits of enhancing and fine
tuning to spend less time managing and more time enjoying ModSecurity.

*How to Stop Worrying About Application Container Security (Friday, 9/22 @
2:30pm):* Information Security Engineer for the US Citizenship and
Immigration Services (USCIS), Brian Andrzejewski challenges existing
security models by harnessing containers to deploy applications securely
and swiftly. He’ll use his experience at USCIS as a case study to frame
this innovative concept and discuss the merits of building a container

Volunteer spots for AppSec USA now open!

OWASP has volunteer positions available for AppSec USA. If you are
interested, please take a moment to choose your shifts through this

If you are volunteering in exchange for your ticket you will receive an
email explaining how to register for the conference. If you are planning on
doing this, please remember that you will need to sign up for 8 hours worth
of shifts and OWASP does not cover travel or accommodations.

Remember to consult the Conference Schedule
to make sure that you do not choose a shift that conflicts with your
preferred talks.

Volunteer Orientation is on-site Monday evening. You will receive an email
with the exact time and location closer to the event. If you can't make it,
please let us know!

OWASP World Tour

This year the strategic goal of OWASP is to raise awareness and spread
application security knowledge world-wide by hosting a training world tour.
The 2017 world tour will have three free mass application security
training events. Each one-day AppSec training course will teach 500
developers, software testers and entry-level application security
professionals core security topics.

Our goal is that each training will combine general security principles
such as the principle of least privilege, using secure defaults, and reducing
attack surface with AppSec-specific topics such as parameterized queries to
prevent SQLi and input validation and encoding. We are also interested in
teaching how OWASP Projects can assist in developing secure software.

As part of the OWASP World Tour
we are inviting all professional trainers to apply to the Call for Training
for your opportunity to train in Tokyo, Boston, or Tel Aviv. Training will
close this month, so apply today!

If you are interested or know someone who is interested in attending the
OWASP World Tour near you, please keep an eye on the OWASP Blog or OWASP
World Tour Wiki Page
for registration.

5th Annual AppSec Bucharest

OWASP Bucharest team is happy to announce the OWASP Bucharest AppSec
Conference 2017 at Hotel Caro, a three-day security and hacking conference
dedicated to application security. The event will be in English, with
cutting-edge topics presented by renowned security professionals.

The CfP is open through September 9th, as is the Call for Training.

Oct 11th and 12th are dedicated to trainings and on the 13th talks and
workshops will run in parallel. We will also have a CtF with a grand prize of
1024 Euros. Conference talks are free; however, you need to register.

More information, including the current training schedule available on the

Upcoming Events

   - AppSec USA 2017 — September 19–22, 2017; Orlando, Florida, USA
   - AppSec Europe 2018 — June 17–21, 2018; Tel Aviv, Israel

Regional and Local Events

   - AppSec AU — September 7–9, 2017; Melbourne, Australia
   - OWASP Indonesia Day — September 9, 2017; Yogyakarta, Central Java, Indonesia
   - Cheat Sheet Workshop with Jim Manico — September 10-12, 2017; Frankfurt, Germany
   - ARMSec — September 28, 2017; Yerevan, Armenia
   - New York Metro Joint Cyber Security Conference — October 5, 2017; New York, NY
   - OWASP Bucharest AppSec Conference 2017 — October 6, 2017; Bucharest, Romania
   - OWASP BASC 2017 — October 14, 2017; Boston, MA, USA
   - AppSec Israel 2017 — October 17–18, 2017; Tel Aviv, Israel
   - LASCON 2017 — October 26–27, 2017; Austin, TX, USA
   - OWASP Benelux Day 2017 — November 23–24, 2017; Tilburg, the Netherlands
   - OWASP AppSec Africa 2018 — May 10–12, 2018; Morocco

Training Events

   - OWASP Cyber Security Explorer — August 10–11, 2017; Amity University, Rajasthan, India
   - OWASP Training Day 2017 — October 4, 2017; Portland, OR, USA
   - OWASP World Tour — September 30, 2017; Tokyo, Japan
   - OWASP World Tour — October 9, 2017; Boston University, Boston, MA, USA
   - OWASP World Tour — October 17th, 2017; Tel Aviv, Israel

Developer Summits

   - OWASP Developer Summit — September 19–20, 2017; AppSec USA 2017, Orlando, FL, USA

Partner and Promotional Events

   - Security BSides Amsterdam — September 1, 2017; Amsterdam, Netherlands
   - (ISC)2 Secure Johannesburg 2017 — October 5, 2017; Johannesburg, South Africa
   - https://edgesecurityconference.com/ — October 17-18, 2019; Knoxville, TN
   - ISACA Ireland Conference 2017 — October 20, 2017; Ireland
   - IoT Tech Expo North America — November 29-30, 2017; Santa Clara

*[image: Chapters]*
*OWASP Go Live?*

We are looking for Chapters interested in participating in the alpha test of
the OWASP Discourse system. You can read more about the requirements
on the OWASP Discourse roll out plan.
If interested please fill out this form of interest.

*[image: Membership]*
*June 2017 Corporate Members*

*August 2017 Corporate Members*

We would like to thank the following companies for supporting the OWASP
The companies listed below have contributed this month by either renewing
their existing Corporate Membership or joining OWASP as a new Corporate Member.

Details about Corporate Membership can be found *here*

*Contributor Corporate Members*

Code Dx is committed to reducing barriers to effective application
security. Our automated application vulnerability correlation and
management tools help find and fix insecure code faster, with less effort
and a smaller team. Focus your precious resources on developing valuable
new features, and ship secure code faster and more often.
For more information, please visit https://codedx.com/

Founded in 1975, Information Builders continues to deliver state-of-the-art
technology that is transforming business in all commercial industries,
government, and education. We remain one of the largest independent, privately
held companies in the software industry. Headquartered above Madison Square
Garden in New York, Information Builders operates in more than 60 global
locations and has built an active customer base of tens of thousands of
major installations at the world's leading organizations. Information
Builders is not only a major software supplier to our customers, but also a
major provider to the leading software vendors in the industry including
HP, IBM, Oracle, SAP, Teradata, and many others. In addition to our
commitment to superior software engineering, we are equally proud of our
people. Some of the most talented and creative professionals in the
industry work at Information Builders and are passionate about what they
do. In fact, the professionalism and tenure of our employees is often cited
as a major differentiator by our customers. Our reputation for customer
service has garnered us the highest honors from “CRM” magazine, the SSPA,
and the American Business Awards. Our products and services have received
top recognition from independent analyst research firms including Gartner,
Forrester, Ventana Research, BARC, Butler, Bloor, and The Data Warehouse
Institute (TDWI). Most importantly, our customers have received the most
information technology and business awards for their accomplishments. More
than 50 of our customers have had their information systems inducted into
the Smithsonian Institute for superior information technology achievement
through the Computerworld Honors Program. http://www.


*Want your company name here?*
Find out how by visiting our *Corporate Member*
page, or contact Kelly Santalucia <kelly.santalucia at owasp.org>, our
Membership & Business Liaison today!

Thank you to all of our *Premier and Contributor Corporate Members*
<http://cts.vresp.com/c/?TheOWASPFoundation/815d9458a9/TEST/5c9c3d45ce> for
your support!

*The OWASP Foundation, 1200C Agora Drive #232, Bel Air, Maryland, 21014,
