[Owasp-summit-2013] OWASP Global Connector

The OWASP Foundation The_OWASP_Foundation at mail.vresp.com
Wed Feb 12 22:58:57 UTC 2014

February 12, 2014 | www.owasp.org -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/d8a6986335 | Contact Us -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/a696fa54f8 | Brought to you by the OWASP Foundation

Featured OWASP Project

OWASP OWTF Project

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES
project focused on trying to unite great tools to make pen testing
more efficient. OWASP OWTF is a project focused in the area of
offensive security testing where the goal is to unite a vast set of
the greatest pen-test tools, PoC code and custom tests, and to
organize this information in an interactive way to make testing as
efficient as possible for pen-testers.

For more information, please contact the Project Leader, Abraham
Aranguren. - abraham.aranguren at owasp.org

New OWASP Projects

OWASP Encoder Comparison Reference Project

The OWASP Encoder Comparison Reference Project is a quick reference
for how ESAPI and other frameworks and native language encoding
methods work against ASCII characters. It is a Web 2.0 web
application that allows users to choose which encoder libraries to
compare. It should compare ESAPI as well as others. Deliverables
include the source code to the web application and a hosted version,
so that users can access this tool without needing to download,
install, configure, etc.

For more information, please contact the Project Leader, Stephanie
Tan. - Stephanie.Tan.org

OWASP Ultimatum Project

The OWASP Ultimatum Project will be an all-in-one vulnerability
testing tool that will automatically keep updating so that it has the
latest vulnerability information to work with. The product
can also be used to pen-test different web server applications. It
will be a web application testing tool that will be able to identify
spam, malware embedded in an email attachment, or in any PDF or
DOC file sent over e-mail, etc.

For more information, please contact the Project Leader, Robin Nayak.
- robin.nayak.org

OWASP Book Project

The OWASP Book Project will be a consolidated publication with a
collection of research papers that will be donated to OWASP. The
Leader aims to assemble research focused on web application
penetration testing into one book to give contributors an opportunity
to share their knowledge and experience.

For more information, please contact the Project Leader, Ahmed Neil.
- ahmed.neil.org

OWASP Open Cyber Security Project

The OWASP Open Cyber Security Framework Project's aim is to create a
practical framework for cyber security. Currently there are some
frameworks, from NIST or from ISACA for example, and other paid or
local frameworks, but there is no open framework that any government
or organization is able to adopt.

For more information, please contact the Project Leader, Mateo
Martinez. - mateo.martinez.org

Project Announcements

OWASP CISO Survey Report 1.0

The OWASP CISO Survey provides tactical intelligence about security
risks and best practices to help CISOs manage application security
programs according to their own roles, responsibilities, perspectives
and needs. Project Leader, Tobias Gondrom, has released the report

For more information, please contact Tobias Gondrom. -
tobias.gondrom at owasp.org

OWASP Java Encoder 1.1.1 Released!

The OWASP Java Encoder is a Java 1.5 simple-to-use drop-in
high-performance encoder class with no dependencies and little
baggage. This project will help Java web developers defend against
Cross Site Scripting!

A huge thank you to Jeremy Long and Jeff Ichnowski for their gracious
volunteer time and expertise in working on this project. Happy
Encoding from the OWASP Java Encoder Team: Jim Manico, Jeff
Ichnowski, and Jeremy Long - OWASP Java Encoder Project

OWASP iGoat Project looking for help!

Are you an Objective-C programmer? The short-term need for OWASP
iGoat is basic code maintenance. There are a couple of deprecated (in
iOS 7) methods that are used in OWASP iGoat. We need a developer to
read through those (2 instances) and decide how to replace them. The
project is also looking for a developer to help implement a couple
new exercises.

If you are able to help, please contact Ken van Wyk. - ken at krvw.com

Project Review Assistance Required!

We would like to ask the OWASP Project user community to take a bit
of time to fill in a short survey that we will use to assess the
Usability and Value of our projects. We are currently focusing on the
following projects. If you are a user, please fill out the survey
below. Thank you, Leaders.

OWASP Cheat Sheets Project

OWASP Java HTML Sanitizer Project

OWASP Xenotix XSS Exploit Framework Project

OWASP Cornucopia Project

OWASP Java Encoder Project

You can find the assessment survey here: Project Usability and Value
Assessment -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/9a41865e5e . For more detailed instructions on how to submit your comments,
please contact Samantha Groves. - samantha.groves at owasp.org

Global AppSec Events in 2014

AppSec APAC 2014 (March 17 - 20, Tokyo, Japan)

English Website

Japanese Website

Training March 17-18, Conference March 19-20

Full Schedule of conference training and talks is now available

Sponsorship opportunities -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/fdd651c444 are still available

Conference Training and Talks have been posted

Early Registration deadline is February 1

AppSec LATAM 2014 - LATAM Tour (April 21 - May 12)

In 2014, instead of holding an AppSec LATAM Conference, we are
organizing a LATAM Tour, which we hope will bring LATAM community
members together to spread the OWASP mission. Here are the scheduled
stops for the tour:

April 21-22, Costa Rica (San Jose)
April 22-23, Chile (Santiago)
April 23-24, Ecuador (Quito & Guayaquil)
April 25-26, Peru (Lima)
April 28-29, Panama (Panama)
April 29-30, Uruguay (Montevideo)
May 5-6, Venezuela (Caracas)
May 6-7, Colombia (Bogota)
May 8-9, Argentina (Buenos Aires)

Sponsorship Opportunities -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/7e5958d87b are available as well. Please find further information on the Tour
Wiki Page.

AppSec EU 2014 (June 23 - 26, Cambridge, UK)

Training - June 23-24, Conference - June 25-26

Sponsorship details are now available -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/9d5e344bbe

Call for papers, presentations and training -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/2dd0cbba51 is now open. The deadline to submit is March 21, 2014

AppSec USA 2014 (September 16 - 19, Denver, CO)

Training - September 16-17, Conference - September 18-19

Sponsorship packages -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/edf10c8ae1 are now available.

More information on the call for papers and training - Coming Soon

Upcoming Regional Events

OWASP is offering a FREE Developer Bootcamp in San Francisco on
Monday, Feb 24, 2014. Register now to secure your seat!

LASCON 2014 (October 21 - 24, Austin, TX)

Partner and Promotional Events

OWASP has partnered with these great events in the beginning of 2014
to grow our community and build awareness around software security.
If you want to learn more about OWASP's involvement, or will be
attending and want to help out, contact us.

Nullcon (February 12 - 15, Goa, India) -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/f164f28586 OWASP Members receive a 20% discount off of the general event
registration fee by using

Confoo 2014 - Montreal, Canada (February 24-28)

Security, Management, Audit Forum 2014 (February 19 - 20, Poland) -

InfoSec World Conference & Expo 2014 -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/d7ade17336 , April 7-9, 2014.  OWASP Members receive a 10% discount off the
standard conference registration fee by using discount code: 

Cyber Security Summit -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/b60d4a2692/utm_source=media-partner&utm_medium=event-listing&utm_campaign=owasp , April 9-10, 2014.  Prague, Czech Republic.  OWASP Members receive a
20% discount off of the general event registration fee by using THIS

THOTCON - Chicago's Hacking Conference -
http://cts.vresp.com/c/?TheOWASPFoundation/0a89a0e95a/4f163f6020/1ab1d559a7 , April 25, 2014, Chicago IL.  Tickets -

OWASP Quarterly Journal Initiative

The OWASP community contains many of the most brilliant minds in
software security.  One of the challenges we face is that, despite
our global scope, there are many concepts, research, tools, and
techniques that are often not circulated as broadly as they should

A suggestion was made by several to create a quarterly publication
that would further meet the needs of the software security
professional, and help spread our mission and our resources beyond
current limitations.

Through the initiatives, a task force has formed to work on
accomplishing this.  The team, in their wisdom, has asked that the
community provide input on what we feel is missing from other
industry publications, and what direction this team should take.

Please take a few seconds to provide your input to the team.  Submit
your comments HERE - support at owasp.org

Thank you to our newest Corporate Members: OneConsult GmbH and BCC
Risk Advisory

Thank you to Oracle for their renewal!

OWASP is Hiring!

OWASP is looking for a talented professional to fill each of the
following positions:

OWASP Community Manager; Full Time; Salaried

The OWASP Community Manager is responsible for coordination and
oversight of volunteer opportunities and initiatives for the OWASP
community. Furthermore, this position will focus on providing
operational support to OWASP Chapters globally and is responsible
for overseeing and disseminating the organization's policies,
objectives, and initiatives as they relate to OWASP Chapters.

Details about the position

Graphic Designer; Part time; hourly; contractor

The Graphic Designer is responsible for oversight and development of
company promotional materials both for print and for the web. The
OWASP Graphic Designer will be responsible for the visual identity
and visual brand consistency of all materials and graphic content
created and used by the OWASP Foundation.

Details about the position

For complete information on the hiring process, including application
deadlines, please visit the complete Blog Post.

Just for Fun

We would like to congratulate David Smolikhagen for submitting the
first correct response to last issue's puzzle.  Here is the question
followed by David's response.  Thank you to everyone who submitted
your response.  If you missed the question, you can find it on the
OWASP Blog.

Alice still won the race. Alice would have caught up to Bob at the 95
yd mark and since she is running a little bit faster than Bob, she
would have covered the remaining 5 yds faster than Bob (unless he's
some super macho guy who wasn't gonna be beat by a girl twice, and he
dug deep and poured on something extra for those last 5 yards! ;-D ).

This issue's challenge

The Blue Knight usually rides to the World's End Pub after a long
day, and walks back to the castle. It takes her an hour and a half.
When she rides both ways it takes 30 minutes. How long would it take
her to make the round trip on foot?

Please submit your answers HERE - support at owasp.org

OWASP Member Spotlight - Oana Cornea, Bucharest, Romania

As an organization driven by its membership community, it's high
time we dedicate some space to recognizing YOU!

Oana Cornea - oana.cornea at owasp.org got involved in OWASP in
January 2013 when she wrote an iOS Cheat Sheet for the Cheat Sheet
series. It's been full steam ahead since then for Oana and the team
in Romania.

Oana says:  "I am working as an application security analyst at
Electronic Arts, in Bucharest, Romania. I am a Computer Science
graduate with a Master in Information Technology Security and I have
been working in the field of IT security for almost 4 years.

I've learned a lot from the Owasp documentation available on the
website, so I've decided to give something back and get involved.
I've decided to be active in this community, to learn more and to
promote software security.

The first Owasp event in Romania was part of the Europe Tour (May
2013). Since then, I organized another one day conference event in
October 2013 and we started to have regular chapter meetings.

Over the past months we evolved and I've managed to get more people
involved in the local Owasp Chapter to promote software security.
Many people volunteered, together with the board members Dan Vasile
and Ionel Chirita, and helped organize these events and meetings.

It is a great experience and I am very happy to be part of the Owasp
