[Owasp-summit-2013] OWASP Connector May 21, 2013

Kate Hartmann kate.hartmann at owasp.org
Wed May 22 00:29:00 UTC 2013




To make sure you receive future emails,
please add kate.hartmann at owasp.org to your address book or safe list.
   

OWASP Connector May 21, 2013
==================================================   
   


   

MAY FEATURED OWASP PROJECT

OWASP Mobile Security Project (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks)

The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications.  The primary goal of this project is to classify mobile security risks, and provide developmental controls to reduce their impact our likelihood of exploitation.  

The primary focus is at the application layer.  While consideration is taken into the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference.  Additionally, focus is placed not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with.  Focus is heavily aimed towards the integration between the mobile application, remote authentication services, and cloud platform-specific features.

NEW OWASP PROJECTS

OWASP Good Component Practices Project  (https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project)
Project Leader:  Mark Miller (mailto:mark.miller at owasp.org)


Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal.  Due to business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development.

This project will use community input to document an industry acceptable process for the creation, maintenance, and use of open source components.

OWASP Bywaf Project (https://www.owasp.org/index.php/OWASP_Bywaf_Project)
Project Leader:  Rafael Gil Larios (mailto:rafael.gillarios at owasp.org)

The aim of this project is to develop an application that makes the work of an auditor much easier when conducting a Pen Test.  The application's principal functions are to detect, evade, and give a vulnerability result utilizing known SQL injection, and other methods developed by professionals within the industry.  


PROJECT ANNOUNCEMENTS

2013 Mobile Top 10 Call For Data

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal document.  We are encouraging everyone to get involved.  Right now we are looking for data that represents the current state of mobile application security.  We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues.  The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions.  We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.

If you would like to et involved, please visit the OWASP Mobile Security Project wiki page (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks).  Please direct any questions or concerns to the Top 10 Refresh leaders, Jason Haddix (mailto:Jason.Haddix at owasp.org), Jack Mannino (mailto:Jack.Mannino at owasp.org), and Mike Zusman (mailto:Mike.Zusman at owasp.org).






Do you want to host an event or propose OWASP involvement in an outreach event?  Submit your event through the OWASP Conference Management System (OCMS) (https://ocms.owasp.org/)




 
 






 







   

Thank you to MStar Semiconductor, Inc, our newest Corporate Member

Thank you to AsTech Consulting for their Corporate Membership Renewal

GET READY FOR THE 2013 SUMMER

 (http://owasp.com/index.php/Summer_2013_Membership_Drive)

Cool Prizes
New Membership Levels
Become a LIFETIME Member
Click the icon for all the details (http://owasp.com/index.php/Summer_2013_Membership_Drive)

Apply for an Honorary Membership

Get the Details and the Link to the form (http://owasp.com/index.php/2013_Board_Elections#Honorary_Membership)



 (http://appsecusa.org/2013/)



AppSec Research 2013 (https://www.owasp.org/index.php/AppSecEU2013)



4th COUNTDOWN CHALLENGE RELEASED
There will be a challenge posted on the conference wiki page every month up until the event in August.  The winner of each challenge will get FREE entrance to the conference (a €420 value).  Be sure to sign up for the conference mailing ( https://lists.owasp.org/mailman/listinfo/appseceu2013) list to get a monthly reminder.
CLICK HERE (https://www.hacking-lab.com/events/registerform.html?eventid=444&uk=fxmycgUCHheeKvhUJs5aAYT8zfspa7yH) to access this challenge
Complete instructions on this challenge (https://www.owasp.org/index.php/AppSecEU2013)

OWASP is pleased to announce our upcoming Partner Events:

ICCS 2013 (http://www.iccs.fordham.edu/) James R. Clapper, the Director of National Intelligence, will be the opening keynote speaker for the conference.

Blackhat 2013 (https://www.blackhat.com/us-13/) (15% discount promo code for OWASP members is:  KobrLQ44 - case sensitive)

​EC Council (http://www.eccouncil.org/conference/  ) - ​Use discount code TDCSTLOWASP for $99 conference passes





                   OWASP Foundation


www.owasp.org


Contact Us (http://owasp4.owasp.org/contactus.html)


OWASP Blog (http://owasp.blogspot.com/)

Do you have some news?  Submit your item to appear in the next connector HERE (http://owasp4.owasp.org/contactus.html)
          










                   

--------------------------------------------------   

MAY 21 GLOBAL WEBINARS SCHEDULED

TOPIC:  Unraveling the mysteries of the OWASP WIKI

​Have you ever wondered how to find something on the wiki?  Where are the projects?  How do i volunteer?  How, and more importantly - Why, do I become a Member?  Join us for this webinar where the Ops team will walk through some of they mysterious links on the OWASP.org website.

May 21, 2013 at 10am EDT  

 (https://www3.gotomeeting.com/register/644990894)
May 21, 2013 at 9pm EDT
(GMT -5)

 (https://www3.gotomeeting.com/register/501721670)
Links to the recordings of previous meetings can be found on the Initiatives Page (https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus)To review All of the opportunities, Visit the Initiaives page (http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing)




   





OWASP Global Board Elections (http://owasp.com/index.php/2013_Board_Elections)

The call for candidates is OPEN! (http://owasp.com/index.php/2013_Board_Elections)

2013 WASPY (Web Application Security People of the Year) Awards (http://owasp.com/index.php/WASPY_Awards_2013)

It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards!
This year's awards will recognize our community's best in 5 different OWASP related category:

 - Best Chapter Leader
 - Best Project Leader
 - Best community supporter - contributor to chapter, project or initiative
 - Best Mission Outreach - grow the OWASP community
 - Best Innovator - willingness to try new ideas
NOMINATIONS ARE OPEN
CLICK HERE TO ACCESS THE FORM! (http://www.tfaforms.com/284578)

OWASP would like to thank 
for stepping up to be a Platinum Sponsor for these awards in 2013!  Additional sponsorship opportunities are available Here (https://www.owasp.org/images/2/2a/OWASP_WASPY_Sponsorships_Final.pdf)








      
   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-summit-2013/attachments/20130521/1298cba0/attachment-0001.html>
-------------- next part --------------
_______________________________________________
To unsubscribe from the Owasp-all mailing list, you will need to unsubscribe yourself from all OWASP mailing lists you belong too. This list is automatically generated to allow OWASP to contact all it’s members in one distribution.

Best regards, OWASP
-------------- next part --------------
-- 
You received this message because you are subscribed to the Google Groups "OWASP Summit 2013" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-summit-2013+unsubscribe at owasp.org.
To post to this group, send email to owasp-summit-2013 at owasp.org.
Visit this group at http://groups.google.com/a/owasp.org/group/owasp-summit-2013/?hl=en.
For more options, visit https://groups.google.com/a/owasp.org/groups/opt_out.




More information about the Owasp-summit-2013 mailing list