[Owasp-summit-2013] OWASP Connector March 18

The OWASP Foundation The_OWASP_Foundation at mail.vresp.com
Wed Mar 19 00:51:53 UTC 2014

March 18, 2014  |   | www.owasp.org -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/66eee8d6b4   | Contact Us -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/5b4c74ec26   |  Brought to you by the OWASP Foundation

Featured OWASP Project

OWASP Passfault -

When setting a password, OWASP Passfault examines the password,
looking for common patterns. It then measures the size of the
patterns and combinations of patterns. The end result is a more
academic and accurate measurement of password strength. When setting
a password policy, OWASP Passfault simplifies configuration to one
simple meaningful measurement: the number of passwords found in the
password patterns. This measurement is made more intuitive and
meaningful with an estimated time to crack.

For more information, please contact the Project Leader, Cam Morris -

New OWASP Projects


The project aims to gather participants to improve the ISO standards
about application security and secure coding. The ISO Project is
currently seeking expert participants to create working groups that
would contribute to the ISO guidances within the ISO Project.

For more information, please contact the Project Leader, Sebastian
Gioria. - Sebastian.Gioria at owasp.org

OWASP Top 10 Privacy Risks Project

OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for
privacy risks in web applications because currently there is no such
catalog available. The list will cover technological and
organizational aspects like missing data encryption or the lack of

For more information, please contact the Project Leader, Florian
Stahl. - florian.stahl at owasp.org

OWASP WASC Web Hacking Incidents Database Project

The OWASP WASC Web Hacking Incidents Database Project is a project
dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of
the web application security problem and to provide information for
statistical analysis of web application security incidents. The
database is unique in tracking only media-reported security incidents
that can be associated with a web application security vulnerability.

For more information, please contact the Project Leader, Ryan
Barnett. - ryan.barnett at owasp.org

OWASP Security Frameworks Project

The OWASP Security Frameworks Project is a series of design patterns
that can be used by language designers and architects to create
secure frameworks for developers, thereby relieving developers of the
work of implementing security themselves. The ultimate goal is to
have as much security as possible built into the programming
environment so that developer mistakes and omissions are less likely
to lead to security vulnerabilities.

For more information, please contact the Project Leader, Ari

OWASP WASC Distributed Web Honeypots Project

The goal of the OWASP WASC Distributed Web Honeypots Project is to
identify emerging attacks against web applications and report them to
the community, including automated scanning activity, probes, and
targeted attacks against specific web apps. The scope of this
project has recently been expanded to include deployment of both
standard web application honeypots and/or open proxy honeypots.

For more information, please contact the Project Leader, Ryan
Barnett. - ryan.barnett at owasp.org

OWASP Click Me Project

The OWASP Click Me Project is aimed at having a simple GUI which
helps to create a test page for Clickjacking attacks. This is an
attack which targets the clickable content on a website. The OWASP Click
Me tool will help you to test whether your site is vulnerable to this
attack by creating an HTML page that will try to load your web site
from a frame.

For more information, please contact the Project Leader, Arun Kumar

OWASP Secure TDD Project

The OWASP Secure TDD Project allows organizations to integrate
security into the Test Driven Development (TDD) lifecycle. The OWASP
Secure TDD Project contains an open source tool written for .NET
developers in order to allow generation of the most common tests out
of the box and enable developers to consciously improve the project
by developing additional tests or extensions.

For more information, please contact the Project Leader, Arun Kumar

Adopted Projects

http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/044bcacf4b  adopted by Greg Disney Leugers - gregory.disney at owasp.org

OWASP Orizon Project -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/6c97ec798c  adopted by Greg Disney Leugers - gregory.disney at owasp.org

OWASP SQLiX project -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/d616054fd1  adopted by Anirudh Anand - anirudh.anand at owasp.org

The OWASP Platform is getting a facelift

Coming soon, we will be unveiling the initial phases of a new,
consolidated Community Platform.

Gone are the days of complicated membership registration, and tedious
event registrations.  Imagine, being able to manage your membership,
any events, donations, and update your information in ONE location!

Additional Features like community resources, OWASP FAQ, and
collaborative groups with community polls, are just some of the
enhancements that will be released during 2014.

We will be providing detailed information and instructions in the
coming weeks.

Global AppSec Events in 2014

AppSec LATAM 2014 - LATAM Tour (April 21 - May 12) -

Registration is now open!  Please refer to the tour pages for the
location you want to register for.

In 2014, instead of holding an AppSec LATAM Conference, we are organizing
a LATAM Tour which we hope will bring LATAM community
members together to spread the OWASP mission.  Here are the scheduled
stops for the tour:

April 21-22, Costa Rica (San Jose)
April 22-23, Chile (Santiago)
April 23-24, Ecuador (Quito & Guayaquil)
April 25-26, Peru (Lima)
April 28-29, Panama (Panama)
April 29-30, Uruguay (Montevideo)
May 5-6, Venezuela (Caracas)
May 6-7, Colombia (Bogota)
May 8-9, Argentina (Buenos Aires)

Sponsorship Opportunities -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/e0fbecbb48  are available as well.  Please find further information on  the Tour
Wiki Page. -

AppSec EU 2014 (June 23 - 26, Cambridge, UK) -

Registration is now OPEN -

Training - June 23-24, Conference - June 25-26

Sponsorship details are now available -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/aae3638fda

Call for papers, presentations and training -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/920be293eb  is now open.  The deadline to submit is March 21, 2014

AppSec USA 2014 (September 16 - 19, Denver, CO) -

Training - September 16-17, Conference - September 18-19

Sponsorship packages -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/0986a6ad6f  are now available.

More information on the call for papers and training - Coming Soon

Upcoming Regional Events

LASCON 2014 (October 21 - 24, Austin, TX) -

Partner and Promotional Events

OWASP has partnered with these great events at the beginning of 2014 to
grow our community and build awareness around software security. If
you want to learn more about OWASP's involvement or will be attending
and want to help out, contact us -

InfoSec World Conference & Expo 2014 -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/6b861719fd , April 7-9, 2014.  OWASP Members receive a 10% discount off the
standard conference registration fee by using discount code: 

Cyber Security Summit -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/99f65403ac/utm_source=media-partner&utm_medium=event-listing&utm_campaign=owasp , April 9-10, 2014.  Prague, Czech Republic.  OWASP Members receive a
20% discount off of the general event registration fee by using THIS

THOTCON - Chicago's Hacking Conference -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/4fb524c474 , April 25, 2014, Chicago IL.  Tickets -

Project Announcements

Project Summit 2014

The 2014 OWASP Summit is currently in the planning process. We have
managed to acquire a great space at Anglia Ruskin University thanks
to the AppSec EU 2014 planning team. We are currently looking for
summit track and session ideas and would like the input of our
project leaders to help us design the 2014 Project Summit. What
projects, topics, working sessions, and tracks would you like to see
or participate in at this year's summit? Submit your ideas to
Samantha Groves - Samantha.Groves at owasp.org  and help us create our
best Project Summit yet!

OWASP Yasca Needs an Interim Leader -

The OWASP Yasca Project is currently in need of an interim project
leader for a 2014 tools based, in-person, working session that will
potentially be funded. Those interested in this opportunity should
familiarize themselves with the OWASP Yasca Project:

For more information about taking up the post as interim leader for
the OWASP Yasca Project, please contact Samantha Groves -
Samantha.Groves at owasp.org

OWASP Projects on Ohloh

Recently, OWASP joined Ohloh -
http://cts.vresp.com/c/?TheOWASPFoundation/bcf8e26fc0/4f163f6020/9126815611 , which is an Open Source platform that allows viewers to get more
information on open source projects. The aim of this repository
transition is to make it easier to track project progress and to
offer better review results to leaders. We are asking that project
leaders create an Ohloh account for their project, to create easy
access to repositories for OWASP projects, and to better assist in
project reviews. Account creation takes just a few minutes and Ohloh
allows you to link as many repositories as you like, from Github, to

OWASP Foundation Social Media

LinkedIn -

Twitter -

Google + -

Facebook -

Ning -

StackOverflow -

Thank you to our renewed Corporate Members:

Aspect Security
Denim Group
MStar Semiconductor, Inc.
PwC Technology
Rakuten
Trustwave SpiderLabs

OWASP is Growing!

We are pleased to announce the newest member of the OWASP Staff, our
new Community Manager,  Genevieve (GK) Southwick.

About GK:  GK Southwick has been working in the Event Planning space
for over 20 years. Starting with Physical Security in 1990, she
eventually moved on to roles in Operations, Production, Facilities
and Technical Direction, with an emphasis on personnel management.
Active as a volunteer in the InfoSec space, she is Producer and
President of the Board at Security BSides Las Vegas, is second in
command of Physical Safety and Security at DerbyCon, afternoon Stage
Manager and volunteer coordinator for DEFCON SkyTalks, and until
moving to Denver in 2013, was head of Safety and Security and
Volunteer coordinator at Security BSides San Francisco. She now
volunteers with BSidesDenver, where she's currently running
Registration. She has also run Safety and Security for BruCon in
Belgium and at BSidesATL, as well as helping out wherever necessary
at SOURCEBoston.

GK is excited to bring her extensive volunteer management experience
to OWASP, as she takes on the role of Community Manager. She's
looking forward to the challenges and opportunities ahead of her
while expanding the volunteer base within the organization, and
working closely with the Chapter Leaders, to help them fulfill the
OWASP Mission and assist them with their operational needs.

GK has a secondary diploma in Homeland Security from Bryman College,
San Jose, where she graduated in 2004 with honors.

GK's Community Management Role with OWASP:  GK will be helping OWASP
to continue building a platform to encourage volunteer participation
in the OWASP community. She will also be working with the chapters to
support their efforts and help them grow OWASP's presence around the
world.  GK has a passion for this community and mission as well as
invaluable experience in organizing and motivating people.

Just for Fun

We would like to congratulate Michael Conlon for submitting the first
correct response to last issue's puzzle.  Thank you to everyone who
submitted your response.  If you missed the question, you can find it
on the OWASP Blog -

The Blue Knight, assuming that she did not drink too much to impede
her ability to walk, would take 2.5 hours to make the journey between
the World's End Pub and the castle on foot.

This issue's challenge

Mr. Slow, Mr. Medium, Mr. Fast, and Mr. Speed must cross a rickety
rope bridge in 17 minutes. The bridge can carry at most two people at
a time. Furthermore, it's dark, and there is only one flashlight; any
single person or pair of people crossing the bridge must have the
flashlight with them. (The bridge is too wide for the flashlight to
be thrown; it must be carried across.)

Each man walks at a different speed. A pair travelling
together must walk at the rate of the slower man. Mr. Slow can cross
the bridge in at most 10 minutes; Mr. Medium can cross in 5 minutes;
Mr. Fast can cross in 2 minutes; Mr. Speed can cross in 1 minute. How
do all four men get across the bridge in 17 minutes?

Please submit your answers HERE - support at owasp.org

OWASP Member Spotlight - Lee Cambria, Pittsburgh, PA, USA

As an organization driven by its membership community, it's high
time we dedicate some space to recognizing YOU!

Lee Cambria - Lee.Cambria at owasp.org  got involved in OWASP when she
took over the defunct Pittsburgh, PA Chapter.

Lee says:  "I am Lee Cambria and have been in the Information
Technology field for over 20 years. I have spent the last 8 years of
my career focused on information security. My last two positions have
been with major financial institutions where there is a heightened
awareness for all aspects of security. Over the years I constantly
find myself referring to the works of OWASP and promoting the value
it brings to the security community.

The reason I was initially drawn to OWASP years ago was the caliber
of security-minded people that I knew who supported and actively
participated in OWASP. In addition to this, OWASP is a recognized
leader in application security among ethical hackers and application
programmers alike. It provides a risk-based approach and encourages
innovative thinking and free exchange of ideas."

The OWASP Foundation
1200-C Agora Drive
Bel Air, Maryland 21014
