[Owasp-france] OWASP Connector March 18

Ludovic Petit ludovic.petit at owasp.org
Wed Mar 19 06:19:15 UTC 2014

Hello everyone,

Attached is the March OWASP Connector.

 ---------- Forwarded message ----------
From: "The OWASP Foundation" <The_OWASP_Foundation at mail.vresp.com>
Date: March 19, 2014 01:50
Subject: OWASP Connector March 18
To: <ludovic.petit at owasp.org>
Cc:

OWASP Global Connector

March 18, 2014
Brought to you by the OWASP Foundation

Featured OWASP Project

OWASP Passfault<http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/f61f18b752>

When setting a password, OWASP Passfault examines the password, looking for
common patterns. It then measures the size of the patterns and combinations
of patterns. The end result is a more academic and accurate measurement of
password strength. When setting a password policy, OWASP Passfault
simplifies configuration to one simple meaningful measurement: the number
of passwords found in the password patterns. This measurement is made more
intuitive and meaningful with an estimated time to crack.

For more information, please contact the Project Leader, Cam

New OWASP Projects


The project aims to gather participants to improve the ISO standards about
application security and secure coding. The ISO Project is currently
seeking expert participants to create working groups that would contribute
to the ISO guidances within the ISO Project.

For more information, please contact the Project Leader, Sebastian
Gioria <Sebastian.Gioria at owasp.org>.

OWASP Top 10 Privacy Risks Project

OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for
privacy risks in web applications because currently there is no such
catalog available. The list will cover technological and organizational
aspects like missing data encryption or the lack of transparency.

For more information, please contact the Project Leader, Florian
Stahl <florian.stahl at owasp.org>.

OWASP WASC Web Hacking Instances Database Project

The OWASP WASC Web Hacking Incidents Database Project is a project
dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and provide information for statistical
analysis of web application security incidents. The database is unique in
tracking only media reported security incidents that can be associated with
a web application security vulnerability.

For more information, please contact the Project Leader, Ryan
Barnett <ryan.barnett at owasp.org>.

OWASP Security Frameworks Project

The OWASP Security Frameworks Project is a series of design patterns that
can be used by language designers and architects to create secure
frameworks for developers, thereby relieving developers of the work of
implementing security themselves. The ultimate goal is to have as much
security as possible built into the programming environment so that
developer mistakes and omissions are less likely to lead to security

For more information, please contact the Project Leader, Ari Elias-Bachrach

OWASP WASC Distributed Web Honeypots Project

The goal of the OWASP WASC Distributed Web Honeypots Project is to identify
emerging attacks against web applications and report them to the community
including automated scanning activity, probes, as well as targeted attacks
against specific web apps. The scope of this project has recently been
expanded to include deployment of both standard web application honeypots
and/or open proxy honeypots.

For more information, please contact the Project Leader, Ryan
Barnett <ryan.barnett at owasp.org>.

OWASP Click Me Project

The OWASP Click Me Project is aimed at having a simple GUI which helps to
create a test page for Clickjacking attacks. This is an attack which targets
the clickable content on a website. The OWASP Click Me tool will help you to
test whether your site is vulnerable to this attack by creating an HTML page
that will try to load your web site from a frame.

For more information, please contact the Project Leader, Arun Kumar

OWASP Secure TDD Project

The OWASP Secure TDD Project allows organizations to integrate security
into the Test Driven Development (TDD) lifecycle. The OWASP Secure TDD
Project contains an open source tool written for .NET developers in order
to allow generation of the most common tests out of the box and enable
developers to consciously improve the project by developing additional
tests or extensions.

For more information, please contact the Project Leader, Arun Kumar

Adopted Projects

OWASP LAPSE Project <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/3a7671774f>
adopted by Greg Disney Leugers <gregory.disney at owasp.org>

OWASP Orizon Project <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/6c924ee6d3>
adopted by Greg Disney Leugers <gregory.disney at owasp.org>

OWASP SQLiX project <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/e5bf5bd59e>
adopted by Anirudh Anand <anirudh.anand at owasp.org>

The OWASP Platform is getting a facelift

Coming soon, we will be unveiling the initial phases of a new, consolidated
Community Platform.

Gone are the days of complicated membership registration, and tedious event
registrations. Imagine, being able to manage your membership, any events,
donations, and update your information in ONE location!

Additional Features like community resources, OWASP FAQ, and collaborative
groups with community polls, are just some of the enhancements that will be
released during 2014.

We will be providing detailed information and instructions in the coming

Global AppSec Events in 2014

AppSec LATAM 2014 - LATAM Tour (April 21 - May

*Registration is now open!* Please refer to the tour pages for the location
you want to register for.

In 2014, instead of holding an AppSec LATAM Conference, we are organizing a
LATAM Tour which we hope will bring LATAM community members
together to spread the OWASP mission. Here are the scheduled stops for the

   - April 21-22, Costa Rica (San Jose)
   - April 22-23, Chile (Santiago)
   - April 23-24 Ecuador (Quito & Guayaquil)
   - April 25-26 Peru (Lima)
   - April 28-29 Panama (Panama)
   - April 29-30 Uruguay (Montevideo)
   - May 5-6 Venezuela (Caracas)
   - May 6-7 Colombia (Bogota)
   - May 8-9 Argentina (Buenos Aires)

Sponsorship Opportunities <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/d697d008b3>
are available as well. Please find further information on the
Tour Wiki Page <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/d96fef78ce>.

AppSec EU 2014 (June 23 - 26, Cambridge,

Registration is now

   - Training - June 23-24, Conference - June 25-26
   - Sponsorship details are now
   - Call for papers, presentations and
now open. The deadline to submit is March 21, 2014

AppSec USA 2014 (September 16 - 19, Denver,

   - Training - September 16-17, Conference - September 18-19
   - Sponsorship
now available.
   - More information on the call for papers and training - Coming Soon

Upcoming Regional Events

LASCON 2014 (October 21 - 24, Austin,

Partner and Promotional Events

OWASP has partnered with these great events in the beginning of 2014 to grow
our community and build awareness around software security. If you want to
learn more about OWASP's involvement or will be attending and want to help
out, contact us <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/71b0b03c83>

InfoSec World Conference & Expo
April 7-9, 2014. OWASP Members receive a 10% discount off the standard
conference registration fee by using discount code: OS14/OWASP

Cyber Security Summit<http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/c70d8ef7e3/utm_source=media-partner&utm_medium=event-listing&utm_campaign=owasp>,
April 9-10, 2014. Prague, Czech Republic. OWASP Members receive a 20%
discount off of the general event registration fee by using THIS

THOTCON - Chicago's Hacking
April 25, 2014, Chicago IL.

Project Announcements

Project Summit 2014

The 2014 OWASP Summit is currently in the planning process. We have managed
to acquire a great space at Anglia Ruskin University thanks to the AppSec
EU 2014 planning team. We are currently looking for summit track and
session ideas and would like the input of our project leaders to help
us design the 2014 Project Summit. What projects, topics, working sessions,
and tracks would you like to see or participate in at this year's summit?
Submit your ideas to Samantha Groves <Samantha.Groves at owasp.org> and help
us create our best Project Summit yet!

OWASP Yasca Needs an Interim

The OWASP Yasca Project is currently in need of an interim project leader
for a 2014 tools based, in-person, working session that will potentially be
funded. Those interested in this opportunity should familiarize themselves
with the OWASP Yasca Project:

For more information about taking up the post as interim leader for the
OWASP Yasca Project, please contact Samantha Groves <Samantha.Groves at owasp.org>

OWASP Projects on Ohloh

Recently, OWASP joined
which is an Open Source platform that allows viewers to get more
information on open source projects. The aim of this repository transition
is to make it easier to track project progress and to offer better review
results to leaders. We are asking that project leaders create an Ohloh
account for their project, to create easy access to repositories for OWASP
projects, and to better assist in project reviews. Account creation takes
just a few minutes and Ohloh allows you to link as many repositories as you
like, from Github, to SourceForge.

OWASP Foundation Social Media

Google + <http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/b66ba4fd07/4205edee5b>

Thank you to our renewed Corporate Members:

   - Aspect Security
   - Denim Group
   - MStar Semiconductor, Inc.
   - PwC Technology
   - Rakuten
   - Trustwave SpiderLabs

OWASP is Growing!

We are pleased to announce the newest member of the OWASP Staff, our new
Community Manager, Genevieve (GK) Southwick.

About GK: GK Southwick has been working in the Event Planning space for
over 20 years. Starting with Physical Security in 1990, she eventually
moved on to roles in Operations, Production, Facilities and Technical
Direction, with an emphasis on personnel management. Active as a volunteer
in the InfoSec space, she is Producer and President of the Board at
Security BSides Las Vegas, is second in command of Physical Safety and
Security at DerbyCon, afternoon Stage Manager and volunteer coordinator for
DEFCON SkyTalks, and until moving to Denver in 2013, was head of Safety and
Security and Volunteer coordinator at Security BSides San Francisco. She
now volunteers with BSidesDenver, where she's currently running
Registration. She has also run Safety and Security for BruCon in Belgium
and at BSidesATL, as well as helping out wherever necessary at SOURCEBoston.

GK is excited to bring her extensive volunteer management experience to
OWASP, as she takes on the role of Community Manager. She's looking forward
to the challenges and opportunities ahead of her while expanding the
volunteer base within the organization, and working closely with the
Chapter Leaders, to help them fulfill the OWASP Mission and assist them
with their operational needs.

GK has a secondary diploma in Homeland Security from Bryman College, San
Jose, where she graduated in 2004 with honors.

GK's Community Management Role with OWASP: GK will be helping OWASP to
continue building a platform to encourage volunteer participation in the OWASP
community. She will also be working with the chapters to support their
efforts and help them grow OWASP's presence around the world. GK has a
passion for this community and mission as well as invaluable experience in
organizing and motivating people.

Just for Fun

We would like to congratulate Michael Conlon for submitting the first
correct response to last issue's puzzle. Thank you to everyone who
submitted your response. If you missed the question, you can find it
on the OWASP

*The Blue Knight, assuming that she did not drink too much to impede her
ability to walk, would take 2.5 hours to make the journey between the
World's End Pub and the castle on foot.*

*This issue's challenge*

Mr. Slow, Mr. Medium, Mr. Fast, and Mr. Speed must cross a rickety rope
bridge in 17 minutes. The bridge can carry at most two people at a time.
Furthermore, it's dark, and there is only one flashlight; any single person
or pair of people crossing the bridge must have the flashlight with them.
(The bridge is too wide for the flashlight to be thrown; it must be carried
across.) Each man walks at a different speed. A pair travelling together
must walk at the rate of the slower man. Mr. Slow can cross the bridge in
at most 10 minutes; Mr. Medium can cross in 5 minutes; Mr. Fast can cross
in 2 minutes; Mr. Speed can cross in 1 minute. How do all four men get
across the bridge in 17 minutes?

Please submit your answers HERE <support at owasp.org>

OWASP Member Spotlight - Lee Cambria, Pittsburgh,

As an organization driven by its membership community, it's high time we
dedicate some space to recognizing YOU!

Lee Cambria <Lee.Cambria at owasp.org> got involved in OWASP when she took
over the defunct Pittsburgh, PA Chapter.

Lee says: "I am Lee Cambria and have been in the Information Technology
field for over 20 years. I have spent the last 8 years of my career focused
on information security. My last two positions have been with major
financial institutions where there is a heightened awareness for all
aspects of security. Over the years I constantly find myself referring to
the works of OWASP and promoting the value it brings to the security

The reason I was initially drawn to OWASP years ago was the caliber of
security minded people that I knew who supported and actively participated
in OWASP. In addition to this, OWASP is a recognized leader in application
security among ethical hackers and application programmers alike. It
provides a risk based approach and encourages innovative thinking and free
exchange of ideas."
