[OWASP-South Africa] Membership survey results and more

Brett Russell brett.russell at owasp.org
Wed Jun 18 08:21:28 UTC 2014

No comment from anyone? Is anyone planning on going to Secure Johannesburg?

On Thu, Jun 12, 2014 at 9:08 AM, Brett Russell <brett.russell at owasp.org>

> Hi All,
> Thanks to those of you that replied on the Heartbleed bug (but please send
> your replies to the list for the benefit of all and not directly to me in
> future). Tim made an excellent point which I would like to share:
> *"Hack reports of South Africa: At some point somebody hacked the SA
> Police's website. I think it happened last year.  They stole the personal
> information of thousands of people apparently. Hack attempts happen all the
> time in South Africa.  You might just not always be aware of it.  South
> Africa is made up mostly of small businesses as opposed to the USA for
> example which is made up of mostly big corporations.  Small businesses are
> big targets for hackers with financial gain in mind and they will be very
> subtle when attacking. Very few companies in South Africa monitor their
> logs of their servers."*
> Two things that stand out for me from this:
> 1. Even if your website is not hacked, that does not mean you are not
> effected. We live in a global and online community and it is only through
> community based organizations like OWASP and others that we can truly
> tackle security and privacy issues. It is no longer good enough to just
> protect our own back yards as we have a vested interest in protecting our
> neighbours yard as well.
> 2. South Africa (and Africa in general) is different in the way we live
> and work, and so we need to tackle the issues that we see here differently
> as well. Exactly how we can achieve this, I am not entirely sure yet, but
> that is why we need to have the conversations.
> On a related note, Secure Johannesburg will be held on the 23rd of
> September, and I suggested to ISC2 that we (OWASP) join the event
> as partners. I am speaking at the event anyway, and I think it would help
> to get more exposure to the local OWASP chapter. I would like your opinions
> please so let me know if there are any objections.
> Kind regards,
> Brett
> OWASP South Africa
> On Sun, May 25, 2014 at 8:33 PM, Brett Russell <brett.russell at owasp.org>
> wrote:
>> Hi All,
>> I have been back from a nice long break for 2 weeks now, so I am finally
>> up to date with my emails, time to catch up on OWASP as well.
>> To those that completed the membership survey, thank you, here are the
>> results: https://www.surveymonkey.com/results/SM-WK6DCNP/
>> If you would like to complete the survey still, here is the link:
>> https://www.surveymonkey.com/s/695PDWN.
>> <https://www.surveymonkey.com/s/695PDWN>
>> It has been a busy couple of weeks from a security perspective. eBay made
>> the news for the wrong reasons with a hack exposing 145 million (yes
>> million) users names, passwords, address's etc.  There is still some
>> fallout from the Heartbleed incident going around to this day as well, and
>> will continue for a while. If you don't think web security is important for
>> your company, just ask Gregg Steinhafel, former CEO of Target who lost his
>> job over a similar security breach (maybe he should have joined OWASP, he
>> might still have his job).
>> What is not clear to me at the moment is what South Africa is like? We
>> (Paycorp Group) were not effected by Heartbleed at all, and thankfully,
>> haven't been the target of any major hack attempts (I am holding my wooden
>> desk as I say this). So I have 2 questions:
>> 1. Does anyone know of a reliable source of hacking attempts or hack
>> reports in South Africa?
>> 2. Does anyone have any personal experience of a hack attempt (successful
>> or not) that they would be willing to share so we can start to get a better
>> picture of what is happening here. Otherwise, if you were for example
>> affected by the Heartbleed bug, what was the impact and fallout?
>> Last thing, the mail robots have done their thing and the mailing list
>> has been pruned to only active address's, so please feel free to send
>> emails to the OWASP South Africa mailing address (
>> owasp-southafrica at lists.owasp.org) or simply reply to this email.
>> Kind Regards,
>> Brett Russell
>> OWASP South Africa Chapter Leader
> --
> Kind Regards,
> Brett Russell
> OWASP South Africa Chapter Leader


Kind Regards,
Brett Russell
OWASP South Africa Chapter Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-southafrica/attachments/20140618/1546bd93/attachment.html>

More information about the OWASP-SouthAfrica mailing list