[ OWASP - Montreal ] Nomination OWASP
olivier at bottomlesspit.org
Wed Jul 9 13:19:41 UTC 2014
Congratulations on your nomination! How do we vote for you?
Olivier Bilodeau <olivier at bottomlesspit.org>
On my mobile phone please excuse my brevity.
---------- Forwarded message ----------
From: "The OWASP Foundation" <The_OWASP_Foundation at mail.vresp.com>
Date: Jul 8, 2014 7:47 PM
Subject: OWASP July 8, 2014 Connector
To: <olivier at bottomlesspit.org>
OWASP Global Connector
July 9, 2014 | www.owasp.org | Brought to you by the OWASP Foundation
Featured OWASP Project
OWASP Java Encoder Project
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in
high-performance encoder class with no dependencies and little baggage.
This project will help Java web developers defend against Cross Site
Scripting! The OWASP Java Encoder library is intended for quick contextual
encoding with very little overhead, either in performance or usage. To get
started, simply add the encoder-1.1.1.jar, import org.owasp.encoder.Encode
and start encoding.
For more information, please contact the Project Leaders, Jeff Ichnowski
<jeff.ichnowski at gmail.com> and Jim Manico <jim.manico at owasp.org>
New OWASP Projects
OWASP Faux Bank
Faux Bank has all 10 of the top vulnerabilities implemented, as well as
fixes for these vulnerabilities. The idea is that developers can see a
real-world system with vulnerabilities, so that they can see what to look
for and how to write secure code. The OWASP Faux Bank wiki page can be
For more information, please contact the Project Leader, Davie Elliott.
<davie.elliott at owasp.org>
OWASP Store Sheep Project
OWASP Store Sheep is a work-in-progress application to demonstrate security
concepts relating to Windows Store Apps. Store Sheep is a training app for
Developers wishing to learn to securely code a Windows Store ('Metro
Style') App, and Testers wanting to learn to test one. It contains a number
of security vulnerabilities with explanations and fixes for them. The
project page for the OWASP Store Sheep project can be found here. For more
information, please contact the Project Leader, Marion McCune.
<marion.mccune at owasp.org>
OWASP SonarQube Project
The OWASP SonarQube Project consists of delivering a set of "standard" profiles for
security, like an OWASP Top10 profile, ASVS profiles, a PCI-DSS profile, an ISO
27034 ASC profile, ... which can be used by teams with the support of the OWASP
Community. More than 20 programming languages are covered through plugins
including Java, C#, C/C++, PL/SQL, Cobol, ABAP. The OWASP SonarQube Project
is looking to expand the offered languages, and is looking for language
experts in .NET, PHP and any other language. The project page for the OWASP
SonarQube Project can be found here. For more information, please contact
the Project Leaders, Sebastien Gioria. <sebastien.gioria> and Freddy Mallet
<freddy.mallet at sonarsource.com>
OWASP URL Checker
OWASP URL Checker is an open source scriptable tool to scan websites for
URLs which may lead to information divulging, exploits and common attack
patterns. This tool will check a user-defined website for potentially
exploitable/vulnerable URLs by comparing them against the URL extensions
in the database. The project page for the OWASP URL Checker can be found
For more information, please contact the Project Leader, Craig Fox.
<craig.fox at owasp.org>
OWASP Security Shepherd New Version
The new version of the OWASP Security Shepherd Project was released earlier
this month. The project now has 50 lessons and challenges based on risks
from both the Top Ten Mobile and Web App Security Risk lists. OWASP
Security Shepherd is perfect for those who are looking to learn about
appsec for the first time or are well seasoned in the arts of pen-testing
and are looking for a challenge.
More information can be found ON THE WIKI PAGE
or you can contact the project leader Mark Denihan <markdenihan at owasp.org>
Research Assistant Needed for the Developer guide
The Developer Guide Project is looking for an honors student or masters
student to replicate the 1979 paper by Morris and Thompson. It has been
many years since we've had statistically sound research into the basic
properties of the password. Morris and Thompson introduced countermeasures
that we still use today (30 day password rotation, min six character
passwords) that made sense for a PDP 11/870 back in 1979. The project
leaders would like a cryptographer research student or masters student to
help look into session tokens, particularly RESTful API tokens. The basic
topic would be a short paper on the necessary properties to protect against
session prediction, session recovery, side channel attacks against
sessions, and investigate a few sample session issuers, such as RESTful API
in common use.
If you are interested in helping the Developer Guide, please contact Andrew
van der Stock <vanderaj at owasp.org>.
New Set of Architectural Security Principles
The Reverse Engineering and Code Modification Prevention project has
released a set of architectural security principles that enforce integrity
preservation in mobile apps. This is an updated list of principles /
controls that security architects will find useful when enforcing code
integrity within their mobile apps.
For the complete list of the integrity controls and underlying security
principles, check out the Architectural Principles sub-project.
New Dependency Check Version 1.2.3 Out Now
On June 28th, the OWASP Dependency Check released version 1.2.3. Dependency
Check can be used to analyze an application's dependent libraries (Java and
.NET) to identify and report on any known, published vulnerabilities
related to the libraries being used. The tool will be demoed during the
Black Hat Arsenal in Las Vegas on Wednesday, August 6th.
You can find the newest release of the OWASP Dependency Check on the
WASPY Award Nominations are Complete
Every year a group of individuals including researchers, developers,
security professionals, and others work to ensure the security of web
applications. Some of these individuals are featured in news stories or at
conferences as recognized experts. But there are many other ‘unsung heroes’
that work every day to improve web application security and yet are rarely
The Web Application Security People of the Year (WASPY) Awards is the OWASP
Community's opportunity to recognize those individuals who have made an
impact by leveraging the OWASP platform.
*THE 2014 NOMINEES ARE*
*Best Chapter Leader*
- Sebastien Deleersnyder - Belgium
- Jonathan Marcil - Montreal
- Riotaro Okada - Japan
- Ron Perris - Orange County
- Sen Ueno - Japan
*Best Project Leader*
- Tokuji Akamine - OWASP XSecurity Project
- Spyros Gasteratos - OWASP Hacademic Challenges Project
- Achim Hoffman - OWASP O-Saft
- Jeremy Long - OWASP Dependency Check
- John Melton - OWASP AppSensor
- Matteo Meucci - OWASP Testing Project
*Best Mission Outreach*
- AppSec USA 2013 Team - AppSec USA 2013
- Jonathan Marcil - OWASP Videos
- Mostafa Siraj - Cairo Chapter
*Best New Community Supporter*
- AppSec APAC 2014 Team - AppSec Asia Pac 2014
- Robert Dracea - AppSec Asia Pac 2014 - Japan
- Beth Guth - South New Jersey
- Takanori Nakanowatari - AppSec Asia Pac 2014 - Japan
Congratulations to all the nominees! You can read the full write up on each
person's accomplishments on the 2014 WASPY Awards Wiki Page
Honorary Membership applications now being accepted.
to find out if you qualify for Honorary Membership Deadline to submit your
is September 30, 2014.
Global AppSec Events in 2014
AppSec USA 2014 (September 16 - 19, Denver, CO)
- Keynotes announced! Steve Crusenberry, Gary McGraw, and Bruce Schneier
- Sponsorship opportunities are still available.
- Training sessions now posted HERE
- Member Event Registration
- Public Registration
Upcoming Regional Events
MSP Day of Talks (July 21, 2014, Minneapolis, MN)
BASC (October 18, Boston, MA)
LASCON 2014 (October 21 - 24, Austin, TX)
Partner and Promotional Events
OWASP has partnered with these great events in the beginning of 2014 to grow
our community and build awareness around software security. If you want to
learn more about OWASP's involvement or will be attending and want to help
out, contact us
Secure Asia 2014 <http://www.informationsecurityasia.com/>, (July 23-24),
(August 2-7), Las Vegas, NV. OWASP Members receive $200 off BH briefings
with code: owaBR200off.
(August 5-6), Las Vegas, NV.
EC-Council TakeDown Con
(August 14-19), Huntsville, AL.
Fraud Summit Toronto
(Sept 8, 2014) Toronto, Canada.
(ISC)2 Security Congress
(Sept 22 - Oct 2), Today’s employers are seeking software developers that
have the knowledge and expertise to build secure, hacker-resistant
software. Do you have what it takes? Prove it with a Certified Secure
Software Lifecycle Professional (CSSLP®) certification from (ISC)2 .
Validate your competence in secure software development in new and evolving
environments, including the cloud, mobile and more. Watch the CSSLP webcast
to get started. Atlanta, GA.
EC-Council Hacker Halted
12-17, 2014) Atlanta, GA
ISSA International Conference
(October 22-23), 2014, Orlando, FL
3rd Annual CISO Asia Summit and Roundtable
(November 5-9), 2014, Singapore
Suits & Spooks
(December 14), Singapore.
International Conference on Cyber Security
(January 5-8, 2014), New York, NY.
Just for Fun
We would like to congratulate Javier Coirolo for submitting the first
correct response to last issue’s puzzle. Thank you everyone who submitted
Click here to view last issue's puzzle
*Here is this issue's challenge...*
A chicken farmer has figured out that a hen and a half can lay an egg and a
half in a day and a half. How many hens does the farmer need to produce one
dozen eggs in six days?
Send your answers to our comment desk <support at owasp.org> for a chance to
win a prize. Winners will be announced in the next connector.
Governance Request for Comment: Committees
The model outlined below represents a potential implementation of the idea
currently being described as OWASP Committees 2.0. We aim to leverage the
lessons learned from our previous committee model to create a new model
that grows our leadership circles and empowers our leaders for more rapid
action, while still ensuring that their activities stay true to OWASP’s
core values. It is still a work-in-progress, but represents the
contributions from the OWASP Board, the OWASP Executive Director, OWASP
Staff, Dinis Cruz, Johanna Curiel, and various others.
Click here to review the document.
This is your opportunity to have a voice in the future of OWASP governance.
We look forward to hearing your thoughts on this proposal.
2014 Global Board of Directors Election
Please visit our 2014 Board Elections page
for frequent updates. Our Call for Candidates is only open until August 15!
Please submit your candidacy here
Once confirmed, the candidates will conduct individual interviews answering
questions from the community. Anyone can submit a question(s), vote up or
vote down existing questions. The top 5 to 6 questions will then be used
for each candidate’s interview. If you have a question you would like to
submit, please do so here
For a complete Election Time line, Click Here
Board of Directors Meeting Times
Interested in what is going on with the Board of Directors? Board meetings
are open to the public, and upcoming meetings as well as agendas are posted
to the Board wiki page
Upcoming 2014 Meetings
- July 9, 2014 9am-10am PST
- August 13, 2014, 9am-10am PST
- September 10, 2014, 9am-10am PST
- September 16, 2014, 6pm - 9pm MST (in person at AppSec USA)
*Reminder: Discussing Governance at OWASP*
We have an open mailing list for discussing the overall topic of governance
at OWASP. Click Here
to browse the list archives.
OWASP Winter Code Sprint
We are thrilled to announce the launch of OWASP Winter Code Sprint (OWCS)
for this upcoming Autumn/Winter (Sept 14-March 15).
*What is OWCS?*
The OWCS is a program to involve students with Security projects. By
participating in OWCS, a student can get real-life experience while
contributing to an open source project and getting university credits.
*How it works*
Any OWASP project that will give you university credits can participate in
OWCS. Each project will be guided by an OWASP expert along with a
professor. Students are graded by their University, based on success
criteria identified at the beginning of the project.
Projects are focused on developing security tools. It is required that the
code any student produces for those projects will be released as Open
Source. Universities are free to specify their own requirements to
projects, such as written reports. OWASP does not influence the way grades
are allocated. The OWASP advisers will provide any information professors
need in order to grade their students.
*How to participate?*
As a Student:
1. Review the list of OWASP Projects currently participating in OWCS
2. Get in touch with the OWASP Project mentor of your choice
3. Agree on deliverables with OWASP mentor and university professor
4. Work away during Autumn/Winter 2014
5. Rise to Open Source Development Glory!
As a Professor:
1. Review the list of OWASP Projects currently participating in OWCS
2. Get in touch with the OWASP Project mentor of your choice
3. Promote the participating OWASP Projects among students
4. Review student progress with help from OWASP mentors
5. Grade student work according to university scoring system
6. Provide student grade results to OWASP mentor/s
CLICK HERE for more information
Meet and Greet at BlackHat USA
What does this mean? Chapter and Project leaders that are already planning
on attending BlackHat USA 2014 can sign up for a 2 hour slot (or more) to
promote their chapter and/or project at the OWASP booth. This will allow
conference goers that may only know you via email to put a face to a name.
It will also provide you visibility to thousands of individuals to promote
your chapter and/or project.
We have a limited amount of "Expo Only" passes available if you were not
planning on attending BlackHat but will be in Las Vegas on Wednesday,
August 6 and/or Thursday, August 7 and want to promote your chapter/project
at the OWASP booth.
Leaders will be showcased for the time(s) you select and the leader with
the most visitors over the two days will win a prize!
To help us promote your chapter and/or project, please fill in the time(s)
that best accommodates your schedule to be showcased at the OWASP BlackHat
*BSides 2014 Las Vegas Tuesday, August 5 - Wednesday, August 6*
Anyone that will be in Las Vegas and would like to help promote OWASP at
our BSides booth is welcomed! Please select the time(s) that best fit your
schedule to volunteer at the OWASP booth here
The volunteer with the most visitors over the course of the two days will
win a prize!