[Owasp-japan] Fwd: OWASP July 8, 2014 Connector

Riotaro OKADA riotaro.okada @ owasp.org
Wed Jul 9 03:42:13 UTC 2014

Here is the Global Connector from OWASP.

It looks like quite a few members from Japan have been nominated for the WASPY Awards.




---------- Forwarded message ----------
From: "The OWASP Foundation" <The_OWASP_Foundation at mail.vresp.com>
Date: Wed, Jul 9, 2014 at 8:48 AM
Subject: OWASP July 8, 2014 Connector
To: "riotaro at techstyle.jp" <riotaro at techstyle.jp>

> July 9, 2014  |   | www.owasp.org -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/337907c997   | Contact Us -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/a4c1879faf   |  Brought to you by the OWASP Foundation
> Featured OWASP Project
> OWASP Java Encoder Project -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/a15befe236
> The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in
> high-performance encoder class with no dependencies and little
> baggage. This project will help Java web developers defend against
> Cross Site Scripting! The OWASP Java Encoder library is intended for
> quick contextual encoding with very little overhead, either in
> performance or usage. To get started, simply add the
> encoder-1.1.1.jar, import org.owasp.encoder.Encode and start
> encoding.
> For more information, please contact the Project Leaders, Jeff
> Ichnowski - jeff.ichnowski at gmail.com  and  Jim Manico -
> jim.manico at owasp.org
> New OWASP Projects
> OWASP Faux Bank
> Faux Bank has all 10 of the top vulnerabilities implemented, as well
> as fixes for these vulnerabilities. The idea is that developers can
> see a real-world system with vulnerabilities, so that they can see
> what to look for and how to write secure code. The OWASP Faux Bank
> wiki page can be found here. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/cf661e5268    For more information, please contact the Project Leader, Davie
> Elliott. - davie.elliott at owasp.org
> OWASP Store Sheep Project
> OWASP Store Sheep is a work in progress application to demonstrate
> security concepts relating to Windows Store Apps. Store Sheep is a
> training app for Developers wishing to learn to securely code a
> Windows Store ('Metro Style') App, and Testers wanting to learn to
> test one. It contains a number of security vulnerabilities with
> explanations and fixes for them. The project page for the OWASP Store
> Sheep project can be found here. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/b39bbe0557  For more information, please contact the Project Leader, Marion
> McCune. - marion.mccune at owasp.org
> OWASP SonarQube Project
> The OWASP SonarQube Project consists of delivering a set of "standard"
> profiles for security, like an OWASP Top10 profile, ASVS profiles,
> a PCI-DSS profile, an ISO 27034ASC profile, ..., which can be used by teams
> with the support of the OWASP Community. More than 20 programming
> languages are covered through plugins including Java, C#, C/C++,
> PL/SQL, Cobol, ABAP. The OWASP SonarQube Project is looking to expand
> the offered languages, and is looking for language experts in .NET,
> PHP and any other language. The project page for the OWASP SonarQube
> Project can be found here. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/fa22306cb5  For more information, please contact the Project Leaders, Sebastien
> Gioria. - sebastien.gioria  and Freddy Mallet -
> freddy.mallet at sonarsource.com
> OWASP URL Checker
> OWASP URL Checker is an open source scriptable tool to scan websites
> for URLs which may lead to information divulging, exploits and
> common attack patterns. This tool will check a user defined website
> for potentially exploitable/vulnerable URLs by comparing them
> against the URL extensions in the database. The project page for the
> OWASP URL Checker can be found here. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/8ca8dacaf0  For more information, please contact the Project Leader, Craig Fox.
> - craig.fox at owasp.org
> Project Announcements
> OWASP Security Shepherd New Version
> The new version of the OWASP Security Shepherd Project was released
> earlier this month. The project now has 50 lessons and challenges
> based on risks from both the Top Ten Mobile and Web App Security Risk
> lists. OWASP Security Shepherd is perfect for those who are looking
> to learn about appsec for the first time or are well seasoned in the
> arts of pen-testing and are looking for a challenge.
> More information can be found  ON THE WIKI PAGE -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/2f66a734bd  or you can contact the project leader Mark Denihan -
> markdenihan at owasp.org
> Research Assistant Needed for the Developer guide
> The Developer Guide Project is looking for an honors student or
> masters student to replicate the 1979 paper by Morris and Thompson.
> It has been many years since we've had statistically sound research
> into the basic properties of the password. Morris and Thompson
> introduced countermeasures that we still use today (30 day password
> rotation, min six character passwords) that made sense for a PDP
> 11/870 back in 1979.
> The project leaders would like a cryptographer research student or masters
> student to help look into session tokens, particularly RESTful API
> tokens. The basic topic would be a short paper on the necessary
> properties to protect against session prediction, session recovery,
> side channel attacks against sessions, and investigate a few sample
> session issuers, such as RESTful API in common use.
> If you are interested in helping the Developer Guide, please contact
> Andrew van der Stock - vanderaj at owasp.org .
> New Set of Architectural Security Principles
> The Reverse Engineering and Code Modification Prevention project has
> released a set of architectural security principles that enforce
> integrity preservation in mobile apps.  This is an updated list of
> principles / controls that security architects will find useful when
> enforcing code integrity within their mobile apps.
> For the complete list of the integrity controls and underlying
> security principles, check out the Architectural Principles
> sub-project. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/8199212d6a
> New Dependency Check Version 1.2.3 Out Now
> On June 28th, the OWASP Dependency Check released version 1.2.3.
> Dependency Check can be used to analyze an application's dependent
> libraries (Java and .NET) to identify and report on any known,
> published vulnerabilities related to the libraries being used. The
> tool will be demoed during the Black Hat Arsenal in Las Vegas on
> Wednesday, August 6th.
> You can find the newest release of the OWASP Dependency Check on the
> project page. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/9e9453c660
> OWASP Foundation Social Media
> LinkedIn -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/5205f7a376
> Twitter -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/6b2fa6d3e0
> Google + -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/03ba220816
> Facebook -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/68b0d64ea1
> Ning -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/0d83b3843f
> StackOverflow -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/a79fc27651/tab=newest&q=owasp
> WASPY Award Nominations are Complete
> Every year a group of individuals including researchers, developers,
> security professionals, and others work to ensure the security of web
> applications.  Some of these individuals are featured in news stories
> or at conferences as recognized experts. But there are many other
> ‘unsung heroes’ that work every day to improve web application
> security and yet are rarely recognized.
> The Web Application Security People of the Year (WASPY) Awards is the
> OWASP Community's opportunity to recognize those individuals who have
> made an impact by leveraging the OWASP platform.
> Best Chapter Leader
>   Sebastien Deleersnyder - Belgium
>   Jonathan Marcil - Montreal
>   Riotaro Okada - Japan
>   Ron Perris - Orange County
>   Sen Ueno - Japan
> Best Project Leader
>   Tokuji Akamine - OWASP XSecurity Project
>   Spyros Gasteratos - OWASP Hacademic Challenges Project
>   Achim Hoffman - OWASP O-Saft
>   Jeremy Long - OWASP Dependency Check
>   John Melton - OWASP AppSensor
>   Matteo Meucci - OWASP Testing Project
> Best Mission Outreach
>   AppSec USA 2013 Team - AppSec USA 2013
>   Jonathan Marcil - OWASP Videos
>   Mostafa Siraj - Cairo Chapter
> Best New Community Supporter
>   AppSec APAC 2014 Team - AppSec Asia Pac 2014
>   Robert Dracea - AppSec Asia Pac 2014 - Japan
>   Beth Guth - South New Jersey
>   Takanori Nakanowatari - AppSec Asia Pac 2014 - Japan
> Congratulations to all the nominees!  You can read the full write up
> on each person's accomplishments on the 2014 WASPY Awards Wiki Page -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/4a16aea7db
> Honorary Membership applications now being accepted.
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/220d54e8a9  to find out if you qualify for Honorary Membership.
> Deadline to submit your application -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/1486722298  is September 30, 2014.
> Global AppSec Events in 2014
> AppSec USA 2014 (September 16 - 19, Denver, CO) -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/706f9ab172
> Keynotes announced!  Steve Crusenberry, Gary McGraw, and Bruce Schneier
> Sponsorship opportunities are still available. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/bd6dccc60f
> Training sessions now posted HERE -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/b6e341e4d9
> Member Event Registration -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/36ef044bbe
> Public Registration -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/ade515af23/id=a2oU0000000LJBkIAO
> Upcoming Regional Events
> MSP Day of Talks (July 21, 2014, Minneapolis, MN) -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/d3947a97a2/ref=enivtefor001&invite=NjE5ODg4NS9hbGV4LmJhdWVydEBvd2FzcC5vcmcvMA%3D%3D&utm_source=eb_email&utm_medium=email&utm_campaign=inviteformalv2&utm_term=attend&ref=enivtefor001
> BASC (October 18, Boston, MA) -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/bf681d5276
> LASCON 2014 (October 21 - 24, Austin, TX) -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/7c2c3e6ee1
> Partner and Promotional Events
> OWASP has partnered with these great events in beginning of 2014 to
> grow our community and build awareness around software security. If
> you want to learn more about OWASP's involvement or will be attending
> and want to help out contact us -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/d1d2870f5d
> Secure Asia 2014 -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/235379c8b1 , (July 23-24), Beijing, China.
> BlackHat -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/8e96af6a6d  (August 2-7), Las Vegas, NV.  OWASP Members receive $200 off BH
> briefings with code:  owaBR200off.
> BSides LV -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/bb450ddf50 , (August 5-6), Las Vegas, NV.
> EC-Council TakeDown Con -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/24db425031 , (August 14-19), Huntsville, AL.
> Fraud Summit Toronto -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/7a1d98633b , (Sept 8, 2014) Toronto, Canada.
> (ISC)2 Security Congress -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/d845f6a964 , (Sept 22 - Oct 2), Today’s employers are seeking software
> developers that have the knowledge and expertise to build secure,
> hacker-resistant software. Do you have what it takes? Prove it with a
> Certified Secure Software Lifecycle Professional (CSSLP®)
> certification from (ISC)2 . Validate your competence in secure
> software development in new and evolving environments, including the
> cloud, mobile and more. Watch the CSSLP webcast series -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/e457476ed6/utm_campaign=csslp&utm_source=owaspbiweeklyconnector&utm_medium=banner&utm_content=webcasts  to get started.  Atlanta, GA.
> EC-Council Hacker Halted -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/7f2e285766 (October 12-17, 2014) Atlanta, GA
> ISSA International Conference -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/0f9953cedf/issaconf_home  (October 22-23), 2014, Orlando, FL
> 3rd Annual CISO Asia Summit and Roundtable -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/bc278257d4  (November 5-9), 2014, Singapore
> Suits & Spooks -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/a41ea33989 , (December 14), Singapore.
> International Conference on Cyber Security -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/35b32f0250 , (January 5-8, 2014), New York, NY.
> Just for Fun
> We would like to congratulate Javier Coirolo for submitting the first
> correct response to last issue’s puzzle. Thank you everyone who
> submitted responses.
> Click here to view last issue's puzzle -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/9b23c1d7fe
> Here is this issue's challenge...
> A chicken farmer has figured out that a hen and a half can lay an egg
> and a half in a day and a half. How many hens does the farmer need to
> produce one dozen eggs in six days?
> Send your answers to our comment desk - support at owasp.org  for a
> chance to win a prize.  Winners will be announced in the next
> connector.
> Governance
> Request for Comment: Committees 2.0 Structure
> The model outlined below represents a potential implementation of the
> idea currently being described as OWASP Committees 2.0.  We aim to
> leverage the lessons learned from our previous committee model to
> create a new model that grows our leadership circles and empowers our
> leaders for more rapid action, while still ensuring that their
> activities stay true to OWASP’s core values.  It is still a
> work-in-progress, but represents the contributions from the OWASP
> Board, the OWASP Executive Director, OWASP Staff, Dinis Cruz, Johanna
> Curiel, and various others.
> Click here to review the document. -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/21cf563932
> This is your opportunity to have a voice in the future of OWASP
> governance.  We look forward to hearing your thoughts on this
> proposal.
> 2014 Global Board of Directors Election
> Please visit our 2014 Board Elections page -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/217f8dbc9d  for frequent updates.   Our Call for Candidates is only open until
> August 15!  Please submit your candidacy here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/1cae128b99 .
> Once confirmed, the candidates will conduct individual interviews
> answering questions from the community.  Anyone can submit a
> question(s), vote up or vote down existing questions.  The top 5 to 6
> questions will then be used for each candidate’s interview.  If you
> have a question you would like to submit, please do so here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/cac28f17ee .
> For a complete Election Time line, Click Here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/e47c2b18fa
> Global Board of Directors Meeting Times
> Interested in what is going on with the Board of Directors?  Board
> meetings are open to the public, and upcoming meetings as well as
> agendas are posted to the Board wiki page -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/04a1b4531d
> Upcoming 2014 Meetings
> July 9, 2014 9am-10am PST
> August 13, 2014, 9am-10am PST
> September 10, 2014, 9am-10am PST
> September 16, 2014, 6pm - 9pm MST (in person at AppSec USA)
> Reminder:  Discussing Governance at OWASP
> We have an open mailing list for discussing the overall topic of
> governance at OWASP.  Click Here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/c84e29e461  to browse the list archives.
> Initiatives
> OWASP Winter Code Sprint
> We are thrilled to announce the launch of OWASP Winter Code Sprint
> (OWCS) for this upcoming Autumn/Winter (Sept 14-March 15).
> What is OWCS?
> The OWCS is a program to involve students with Security projects. By
> participating in OWCS a student can get real life experience while
> contributing to an open source project and getting university
> credits.
> How it works
> Any OWASP project that will give you university credits can
> participate in OWCS. Each project will be guided by an OWASP expert
> along with a professor. Students are graded by their University,
> based on success criteria identified at the beginning of the project.
> Projects are focused on developing security tools. It is required
> that the code any student produces for those projects will be
> released as Open Source. Universities are free to specify their own
> requirements to projects, such as written reports. OWASP does not
> influence the way grades are allocated. The OWASP advisers will
> provide any information professors need in order to grade their
> students.
> How to participate?
> As a Student:
>   Review the list of OWASP Projects currently participating in OWCS
>   Get in touch with the OWASP Project mentor of your choice
>   Agree on deliverables with OWASP mentor and university professor
>   Work away during Autumn/Winter 2014
>   Rise to Open Source Development Glory!
> As a Professor:
>   Review the list of OWASP Projects currently participating in OWCS
>   Get in touch with the OWASP Project mentor of your choice
>   Promote the participating OWASP Projects among students
>   Review student progress with help from OWASP mentors
>   Grade student work according to university scoring system
>   Provide student grade results to OWASP mentor/s
> CLICK HERE for more information -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/606b09015f
> OWASP Meet and Greet at BlackHat USA
> What does this mean?  Chapter and Project leaders that are already
> planning on attending BlackHat USA 2014 can sign up for a 2 hour slot
> (or more) to promote their chapter and/or project at the OWASP booth.
> This will allow conference goers that may only know you via email to
> put a face to a name.  It will also provide you visibility to
> thousands of individuals to promote your chapter and/or project.
> We have a limited amount of "Expo Only" passes available if you were
> not planning on attending BlackHat but will be in Las Vegas on
> Wednesday, August 6 and/or Thursday, August 7 and want to promote
> your chapter/project at the OWASP booth.
> Leaders will be showcased for the time(s) you select and the leader
> with the most visitors over the two days will win a prize!
> To help us promote your chapter and/or project, please fill in the
> time(s) that best accommodates your schedule to be showcased at the
> OWASP BlackHat booth here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/574a859ff8 .
> BSides 2014 Las Vegas Tuesday, August 5 - Wednesday, August 6
> Anyone that will be in Las Vegas and would like to help promote OWASP
> at our BSides booth is welcomed! Please select the time(s) that best
> fit your schedule to volunteer at the OWASP booth here -
> http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/1c1fc130d1/429dc3b178 . The volunteer with the most visitors over the course of the two
> days will win a prize! 