[Owasp-summit-2013] OWASP July 8, 2014 Connector
The OWASP Foundation
The_OWASP_Foundation at mail.vresp.com
Tue Jul 8 23:47:09 UTC 2014
July 9, 2014 | www.owasp.org - http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/337907c997 | Contact Us - http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/a4c1879faf | Brought to you by the OWASP Foundation
Featured OWASP Project
OWASP Java Encoder Project -
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in
high-performance encoder class with no dependencies and little
baggage. This project will help Java web developers defend against
Cross Site Scripting! The OWASP Java Encoder library is intended for
quick contextual encoding with very little overhead, either in
performance or usage. To get started, simply add the
encoder-1.1.1.jar, import org.owasp.encoder.Encode and start
For more information, please contact the Project Leaders, Jeff
Ichnowski - jeff.ichnowski at gmail.com and Jim Manico -
jim.manico at owasp.org
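As an added example (not code from the newsletter or from the Java Encoder project itself), the snippet below shows the contextual encoding described above: one Encode method per output context. It assumes encoder-1.1.1.jar is on the classpath, and the untrusted value is a constructed sample.

```java
import org.owasp.encoder.Encode;

// Added example: choose the Encode method that matches the output
// context the value is written into. Assumes encoder-1.1.1.jar is on
// the classpath; UNTRUSTED is a constructed sample of untrusted input.
public class ContextualEncodingExample {

    // Constructed untrusted value containing HTML, attribute and
    // JavaScript-string metacharacters.
    static final String UNTRUSTED = "O'Brien <admin> & \"friends\"";

    // HTML body text: <, >, &, and both quote characters become entities.
    static String greetingParagraph(String name) {
        return "<p>Welcome, " + Encode.forHtml(name) + "</p>";
    }

    // Quoted HTML attribute value: entity encoding with attribute rules.
    static String titledLink(String name) {
        return "<a href=\"/profile\" title=\""
                + Encode.forHtmlAttribute(name) + "\">profile</a>";
    }

    // Inside a <script> block the HTML parser does not decode entities,
    // so a JavaScript string literal needs backslash escaping instead.
    static String inlineScript(String name) {
        return "<script>var user = '" + Encode.forJavaScript(name)
                + "';</script>";
    }

    // Query-string parameter value: percent-encoding, not HTML entities.
    static String searchUrl(String name) {
        return "/search?q=" + Encode.forUriComponent(name);
    }

    public static void main(String[] args) {
        System.out.println(greetingParagraph(UNTRUSTED));
        System.out.println(titledLink(UNTRUSTED));
        System.out.println(inlineScript(UNTRUSTED));
        System.out.println(searchUrl(UNTRUSTED));
    }
}
```

Running it prints the same name encoded four different ways, which is the point: the encoder for one context is not a substitute for another.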
New OWASP Projects
OWASP Faux Bank
Faux Bank has all 10 of the top vulnerabilities implemented, as well
as fixes for these vulnerabilities. The idea is that developers can
see a real-world system with vulnerabilities, so that they can see
what to look for and how to write secure code. The OWASP Faux Bank
wiki page can be found here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/cf661e5268
For more information, please contact the Project Leader, Davie
Elliott - davie.elliott at owasp.org
OWASP Store Sheep Project
OWASP Store Sheep is a work-in-progress application to demonstrate
security concepts relating to Windows Store Apps. Store Sheep is a
training app for developers wishing to learn to securely code a
Windows Store ('Metro Style') app, and testers wanting to learn to
test one. It contains a number of security vulnerabilities with
explanations and fixes for them. The project page for the OWASP Store
Sheep project can be found here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/b39bbe0557
For more information, please contact the Project Leader, Marion
McCune - marion.mccune at owasp.org
OWASP SonarQube Project
The OWASP SonarQube Project aims to deliver a set of "standard"
security profiles, such as an OWASP Top 10 profile, ASVS profiles, a
PCI-DSS profile and an ISO 27034 ASC profile, which teams can use
with the support of the OWASP Community. More than 20 programming
languages are covered through plugins, including Java, C#, C/C++,
PL/SQL, Cobol and ABAP. The OWASP SonarQube Project is looking to
expand the offered languages, and is looking for language experts in
.NET, PHP and any other language. The project page for the OWASP
SonarQube Project can be found here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/fa22306cb5
For more information, please contact the Project Leaders, Sebastien
Gioria - sebastien.gioria and Freddy Mallet -
freddy.mallet at sonarsource.com
OWASP URL Checker
OWASP URL Checker is an open source, scriptable tool to scan websites
for URLs which may lead to information disclosure, exploits and
common attack patterns. This tool will check a user-defined website
for potentially exploitable/vulnerable URLs by comparing them
against the URL extensions in the database. The project page for the
OWASP URL Checker can be found here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/8ca8dacaf0
For more information, please contact the Project Leader, Craig Fox
- craig.fox at owasp.org
OWASP Security Shepherd New Version
The new version of the OWASP Security Shepherd Project was released
earlier this month. The project now has 50 lessons and challenges
based on risks from both the Top Ten Mobile and Web App Security Risk
lists. OWASP Security Shepherd is perfect for those who are looking
to learn about appsec for the first time or are well seasoned in the
arts of pen-testing and are looking for a challenge.
More information can be found on the wiki page -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/2f66a734bd
or you can contact the project leader Mark Denihan -
markdenihan at owasp.org
Research Assistant Needed for the Developer guide
The Developer Guide Project is looking for an honors student or
master's student to replicate the 1979 paper by Morris and Thompson.
It has been many years since we've had statistically sound research
into the basic properties of the password. Morris and Thompson
introduced countermeasures that we still use today (30-day password
rotation, minimum six-character passwords) that made sense for a PDP
11/870 back in 1979. The project
leaders would also like a cryptography research student or master's
student to help look into session tokens, particularly RESTful API
tokens. The basic topic would be a short paper on the necessary
properties to protect against session prediction, session recovery
and side-channel attacks against sessions, and an investigation of a
few sample session issuers, such as RESTful APIs in common use.
If you are interested in helping the Developer Guide, please contact
Andrew van der Stock - vanderaj at owasp.org .
New Set of Architectural Security Principles
The Reverse Engineering and Code Modification Prevention project has
released a set of architectural security principles that enforce
integrity preservation in mobile apps. This is an updated list of
principles / controls that security architects will find useful when
enforcing code integrity within their mobile apps.
For the complete list of the integrity controls and underlying
security principles, check out the Architectural Principles
New Dependency Check Version 1.2.3 Out Now
On June 28th, the OWASP Dependency Check project released version 1.2.3.
Dependency Check can be used to analyze an application's dependent
libraries (Java and .NET) to identify and report on any known,
published vulnerabilities related to the libraries being used. The
tool will be demoed during the Black Hat Arsenal in Las Vegas on
Wednesday, August 6th.
You can find the newest release of the OWASP Dependency Check on the
project page -
WASPY Award Nominations are Complete
Every year a group of individuals including researchers, developers,
security professionals, and others work to ensure the security of web
applications. Some of these individuals are featured in news stories
or at conferences as recognized experts. But there are many other
‘unsung heroes’ that work every day to improve web application
security and yet are rarely recognized.
The Web Application Security People of the Year (WASPY) Awards is the
OWASP Community's opportunity to recognize those individuals who have
made an impact by leveraging the OWASP platform.
THE 2014 NOMINEES ARE
Best Chapter Leader
Sebastien Deleersnyder - Belgium
Jonathan Marcil - Montreal
Riotaro Okada - Japan
Ron Perris - Orange County
Sen Ueno - Japan
Best Project Leader
Tokuji Akamine - OWASP XSecurity Project
Spyros Gasteratos - OWASP Hacademic Challenges Project
Achim Hoffman - OWASP O-Saft
Jeremy Long - OWASP Dependency Check
John Melton - OWASP AppSensor
Matteo Meucci - OWASP Testing Project
Best Mission Outreach
AppSec USA 2013 Team - AppSec USA 2013
Jonathan Marcil - OWASP Videos
Mostafa Siraj - Cairo Chapter
Best New Community Supporter
AppSec APAC 2014 Team - AppSec Asia Pac 2014
Robert Dracea - AppSec Asia Pac 2014 - Japan
Beth Guth - South New Jersey
Takanori Nakanowatari - AppSec Asia Pac 2014 - Japan
Congratulations to all the nominees! You can read the full write-up
on each person's accomplishments on the 2014 WASPY Awards Wiki Page -
Honorary Membership applications now being accepted.
Click here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/220d54e8a9
to find out if you qualify for Honorary Membership. Deadline to
submit your application -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/1486722298
is September 30, 2014.
Global AppSec Events in 2014
AppSec USA 2014 (September 16 - 19, Denver, CO) -
Keynotes announced! Steve Crusenberry, Gary McGraw, and Bruce
opportunities are still available -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/bd6dccc60f
Training sessions now posted -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/b6e341e4d9
Member Event Registration -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/36ef044bbe
Public Registration -
Upcoming Regional Events
MSP Day of Talks (July 21, 2014, Minneapolis, MN) -
BASC (October 18, Boston, MA) -
LASCON 2014 (October 21 - 24, Austin, TX) -
Partner and Promotional Events
OWASP has partnered with these great events in 2014 to
grow our community and build awareness around software security. If
you want to learn more about OWASP's involvement or will be attending
and want to help out, contact us -
Secure Asia 2014 -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/235379c8b1 , (July 23-24), Beijing, China.
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/8e96af6a6d (August 2-7), Las Vegas, NV. OWASP Members receive $200 off BH
briefings with code: owaBR200off.
BSides LV -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/bb450ddf50 , (August 5-6), Las Vegas, NV.
EC-Council TakeDown Con -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/24db425031 , (August 14-19), Huntsville, AL.
Fraud Summit Toronto -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/7a1d98633b , (Sept 8, 2014) Toronto, Canada.
(ISC)2 Security Congress -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/d845f6a964 , (Sept 22 - Oct 2), Atlanta, GA.
Today's employers are seeking software developers that have the
knowledge and expertise to build secure, hacker-resistant software.
Do you have what it takes? Prove it with a Certified Secure Software
Lifecycle Professional (CSSLP®) certification from (ISC)2. Validate
your competence in secure software development in new and evolving
environments, including the cloud, mobile and more. Watch the CSSLP
webcast series -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/e457476ed6/utm_campaign=csslp&utm_source=owaspbiweeklyconnector&utm_medium=banner&utm_content=webcasts
to get started.
EC-Council Hacker Halted -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/7f2e285766 (October 12-17, 2014) Atlanta, GA
ISSA International Conference -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/0f9953cedf/issaconf_home (October 22-23), 2014, Orlando, FL
3rd Annual CISO Asia Summit and Roundtable -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/bc278257d4 (November 5-9), 2014, Singapore
Suits & Spooks -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/a41ea33989 , (December 14), Singapore.
International Conference on Cyber Security -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/35b32f0250 , (January 5-8, 2014), New York, NY.
Just for Fun
We would like to congratulate Javier Coirolo for submitting the first
correct response to last issue’s puzzle. Thank you everyone who
Click here to view last issue's puzzle -
Here is this issue's challenge...
A chicken farmer has figured out that a hen and a half can lay an egg
and a half in a day and a half. How many hens does the farmer need to
produce one dozen eggs in six days?
Send your answers to our comment desk - support at owasp.org for a
chance to win a prize. Winners will be announced in the next
Governance Request for Comment:
Committees 2.0 Structure
The model outlined below represents a potential implementation of the
idea currently being described as OWASP Committees 2.0. We aim to
leverage the lessons learned from our previous committee model to
create a new model that grows our leadership circles and empowers our
leaders for more rapid action, while still ensuring that their
activities stay true to OWASP’s core values. It is still a
work-in-progress, but represents the contributions from the OWASP
Board, the OWASP Executive Director, OWASP Staff, Dinis Cruz, Johanna
Curiel, and various others.
Click here to review the document. -
This is your opportunity to have a voice in the future of OWASP
governance. We look forward to hearing your thoughts on this
2014 Global Board of Directors Election
Please visit our 2014 Board Elections page -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/217f8dbc9d
for frequent updates. Our Call for Candidates is only open until
August 15! Please submit your candidacy here -
Once confirmed, the candidates will conduct individual interviews
answering questions from the community. Anyone can submit one or
more questions, and vote up or vote down existing questions. The top
5 to 6 questions will then be used for each candidate's interview. If
you have a question you would like to submit, please do so here -
For a complete Election Timeline, Click Here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/e47c2b18fa
Global Board of Directors
Interested in what is going on with the Board of Directors? Board
meetings are open to the public, and upcoming meetings as well as
agendas are posted to the Board wiki page -
Upcoming 2014 Meetings
July 9, 2014 9am-10am PST
August 13, 2014, 9am-10am PST
September 10, 2014, 9am-10am PST
September 16, 2014, 6pm - 9pm MST (in person at AppSec USA
Reminder: Discussing Governance at OWASP
We have an open mailing list for discussing the overall topic of
governance at OWASP. Click Here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/c84e29e461 to browse the list archives.
OWASP Winter Code Sprint
We are thrilled to announce the launch of OWASP Winter Code Sprint
(OWCS) for this upcoming Autumn/Winter (Sept 14-March 15).
What is OWCS?
The OWCS is a program to involve students with security projects. By
participating in OWCS a student can get real-life experience while
contributing to an open source project and getting university
How it works
Any OWASP project that will give you university credits can
participate in OWCS. Each project will be guided by an OWASP expert
along with a professor. Students are graded by their university,
based on success criteria identified at the beginning of the project.
Projects are focused on developing security tools. It is required
that the code any student produces for those projects will be
released as Open Source. Universities are free to specify their own
requirements for projects, such as written reports. OWASP does not
influence the way grades are allocated. The OWASP advisers will
provide any information professors need in order to grade their
How to participate?
As a Student:
Review the list of OWASP Projects currently participating in OWCS
Get in touch with the OWASP Project mentor of your choice
Agree on deliverables with OWASP mentor and university professor
Work away during Autumn/Winter 2014
Rise to Open Source Development Glory!
As a Professor:
Review the list of OWASP Projects currently participating in OWCS
Get in touch with the OWASP Project mentor of your choice
Promote the participating OWASP Projects among students
Review student progress with help from OWASP mentors
Grade student work according to university scoring system
Provide student grade results to OWASP
CLICK HERE for more information -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/606b09015f
OWASP Meet and Greet at
What does this mean? Chapter and Project leaders that are already
planning on attending BlackHat USA 2014 can sign up for a 2-hour slot
(or more) to promote their chapter and/or project at the OWASP booth.
This will allow conference goers that may only know you via email to
put a face to a name. It will also provide you visibility to
thousands of individuals to promote your chapter and/or project.
We have a limited amount of "Expo Only" passes available if you were
not planning on attending BlackHat but will be in Las Vegas on
Wednesday, August 6 and/or Thursday, August 7 and want to promote
your chapter/project at the OWASP booth.
Leaders will be showcased for the time(s) you select and the leader
with the most visitors over the two days will win a prize!
To help us promote your chapter and/or project, please fill in the
time(s) that best accommodates your schedule to be showcased at the
OWASP BlackHat booth here -
BSides 2014 Las Vegas Tuesday, August 5 - Wednesday, August 6
Anyone that will be in Las Vegas and would like to help promote OWASP
at our BSides booth is welcome! Please select the time(s) that best
fit your schedule to volunteer at the OWASP booth here -
http://cts.vresp.com/c/?TheOWASPFoundation/7d3680ebcc/4f163f6020/429dc3b178
The volunteer with the most visitors over the course of the two
days will win a prize!