[Owasp-summit-2013] OWASP Connector June 4, 2013

Kate Hartmann kate.hartmann at owasp.org
Wed Jun 5 01:31:16 UTC 2013

To make sure you receive future emails,
please add kate.hartmann at owasp.org to your address book or safe list.

OWASP Connector June 4, 2013



OWASP Xenotix XSS Exploit Framework Project (https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework)

The OWASP Xenotix XSS Exploit Framework Project is a penetration testing tool that detects and exploits XSS vulnerabilities in Web Applications.  It is basically a payload list based XSS Scanner and XSS Exploitation kit.  The exploitation framework will help penetration testers create proof of concept attacks on vulnerable web applications.

For more information, please visit the OWASP Xenotix XSS Exploit Framework Project (https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework) wiki page.  


OWASP VaultDB Project (https://www.owasp.org/index.php/OWASP_VaultDB_Project)

Project Leader:  Maxime Labelle

VaultDB is a secure NoSQL database management system (DBMS) for modern applications.  It supports multi-recipient encryption, table-level encryption, group encryption and comes loaded with a strong cryptosystem.

VaultDB adds automatic transparent encryption to your application's data at the table/document level.  Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside your preferred DBMS for storage. 

OWASP WS-Amplification DoS Project (https://www.owasp.org/index.php/OWASP_WS_Amplification_DoS_Project)

Project Leader:  Thomas Vissers (mailto:Thomas.Vissers at owasp.org)

This project aims to explore the threat of an Amplification DoS attack that utilizes web services.  Currently, DNS servers are widely misused to amplify DoS traffic.  This is called a DNS Amplification or Reflective attack.  It appears that SOAP web services that implement WS-Addressing might be vulnerable to similar abuse, as stated in this paper.  The aim of the project is to develop tools to test this vulnerability and determine the threat magnitude on a global scale. 

OWASP Mutillidae 2 Project (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project)

Project Leader:  Jeremy Druin (mailto:Jeremy.Druin at owasp.org)

NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.  NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a web server.  


OWASP Global Board Elections (http://owasp.com/index.php/2013_Board_Elections)

The call for candidates is OPEN! (http://owasp.com/index.php/2013_Board_Elections)

Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS) (https://ocms.owasp.org/)

Do you have some news?  Submit your item to appear in the next connector HERE (http://owasp4.owasp.org/contactus.html)



Thank you to Ping Identity, Riverbed Technology, and Sonatype, our newest Corporate Members

Thank you to Imperva and UPS for their Corporate Membership Renewals



Now is the time to make sure your membership is current and up to date!  Join or renew between now and June 10th and be eligible to receive one of 22 Cool Prizes!
Effective June 1st, you can now join for a 2 year membership or become a LIFETIME Member
Click the icon for all the details (http://owasp.com/index.php/Summer_2013_Membership_Drive)

Apply for an Honorary Membership

Get the Details and the Link to the form (http://owasp.com/index.php/2013_Board_Elections#Honorary_Membership)


Big announcements are coming soon!  Training sessions and talk schedule will be posted by June 14th.  Be sure to visit the website (http://appsecusa.org/2013/) often for updates on sponsorship opportunities, conference activities, and more!

Registration is opening very soon!  Thanks to all for patiently waiting!  Check the AppSec Research site for details on the training sessions, talks, and link to registration within the next couple of days.

OWASP is pleased to announce our upcoming Partner Events:

Blackhat 2013 (https://www.blackhat.com/us-13/) - OWASP Members receive $200 off using discount code:  Uurtcw0

SecAppDev (http://www.eccouncil.org/conference/  ) - OWASP members receive 10% off using discount promo code:  owasp)  This code will need to be entered in the comments box to receive the 10% discount

EC Council (http://www.eccouncil.org/conference/  ) - Use discount code TDCSTLOWASP for $99 conference passes

Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS) (https://ocms.owasp.org/)







Analyzing and Fixing Password Protection Schemes - John Steven

(Recorded at AppSec USA 2012 in Austin, TX)

June 6, 2013 at 10am EDT  


June 6, 2013 at 9pm EDT
(GMT -5)

Links to the recordings of previous meetings can be found on the Initiatives Page (https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus)To review All of the opportunities, Visit the Initiaives page (http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing)


 (http://owasp.com/index.php/WASPY_Awards_2013)2013 WASPY (Web Application Security People of the Year) Awards (http://owasp.com/index.php/WASPY_Awards_2013)

We all know someone who has made a difference in our industry.  Now is your chance to nominate them to be GLOBALLY recognized!  The 2013 categories are:

 - Best Chapter Leader
 - Best Project Leader
 - Best community supporter - contributor to chapter, project or initiative
 - Best Mission Outreach - grow the OWASP community
 - Best Innovator - willingness to try new ideas
CLICK HERE TO ACCESS THE FORM! (http://www.tfaforms.com/284578)

OWASP would like to thank 
for stepping up to be a Platinum Sponsor for these awards in 2013!  Additional sponsorship opportunities are available Here (https://www.owasp.org/images/2/2a/OWASP_WASPY_Sponsorships_Final.pdf)

OWASP Foundation


Contact Us (http://owasp4.owasp.org/contactus.html)

OWASP Blog (http://owasp.blogspot.com/)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-summit-2013/attachments/20130604/186c69f2/attachment-0001.html>
-------------- next part --------------
To unsubscribe from the Owasp-all mailing list, you will need to unsubscribe yourself from all OWASP mailing lists you belong too. This list is automatically generated to allow OWASP to contact all it’s members in one distribution.

Best regards, OWASP
-------------- next part --------------
You received this message because you are subscribed to the Google Groups "OWASP Summit 2013" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-summit-2013+unsubscribe at owasp.org.
To post to this group, send email to owasp-summit-2013 at owasp.org.
Visit this group at http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
For more options, visit https://groups.google.com/a/owasp.org/groups/opt_out.

More information about the Owasp-summit-2013 mailing list