Wednesday, January 28, 2015

OWASP Foundation Connector


OWASP Global Connector
January 28, 2015 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
Communications

OWASP Foundation 2015 Strategic Goals

Updated Profit Sharing Model for Events

membership

Corporate Members

Individual Members

Conference

Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events

chapters

New OWASP Chapters

Chapter Activities

projects

2015 Project Summit

ToolsWatch Top 10 Security tools of 2014

OWASP Global Translation

Social Media

OWASP Foundation Social Media



Communications
OWASP Communications

OWASP Foundation 2015 Strategic Goals

Our leadership team has been working on the OWASP Strategic Goals for 2015 and we would love to have your input. OWASP is Community supported and volunteer-driven so it is important that your input is included in our planning.
Our draft strategic goals are outlined in a brief survey. We encourage you to give us your thoughts on how valuable each goal statement is to you and the community. You may also suggest new goals.
Lets get started! Please follow this link and take our survey:
Strategic Goals Survey

Updated Profit Sharing Model for Events

2015 is going to be a great year to host an event! Did you know that as of 2015, the profit share for all non-AppSec local and events is now 10/90 with no cap? That means when you host a chapter event, chapters can keep 90% of profits regardless of the total revenue. This change was approved by the Board during the September meeting.
Events are a great way to raise funds for your chapter. Let us know how we can help. Visit the Chapter Leader Handbook and the How to Host a Conference page for ideas.
Return To Top

Membership
OWASP Membership

New Corporate Members

Renewed Corporate Members

1933 Individual Members

  • 1190 Individual One Year Members
  • 324 Individual Two Year Members
  • 270 Regional One Year Members
  • 66 Honorary Members
  • 64 Lifetime Members
Return To Top

Conference
OWASP Conferences

Global AppSec Events

LATAM

LATAM Tour 2015

    Agenda
  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • Santa Cruz, Bolivia: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015
    Additional Information
  • Call for Papers AND Training are now open. Submission deadline February 15, 2015
  • Sponsorship Opportunities are Available
EU

AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)


Call For research. Submission deadline extended to Feburary 15, 2015
Please check the respective calls for prerequisites and submission instructions.
USA 2015 AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Upcoming Local and Regional Events

OWASP London Cyber Security Week (January 26-30, 2015, London, UK)
OWASP New Zealand Day (February 26-27, 2015, New Zealand)

NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
Hack In the Box (May 26-29, 2015) OWASP members receive 20% off by using discount code OWASP-HITB2015AMS
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada
bh europe contrast january intel environ axiom

CLICK HERE for information on advertising in the next connector
Return To Top


chapters
OWASP Chapters

New Chapters

OWASP Brooklyn - OWASP Brooklyn will be hosting its inaugural meeting on February 3, 2014. Chapter Leaders - Bev Corwin and Donald Gooden

Chapter Activity

OWASP London - hosts a Cyber Startup Summit
This event which is being held January 28-30 helps to promote, highlight, and bring spotlight to cyber security innovation and new cyber startups in the UK. Some of the planned activities include:

  • Secure Startup Event - talks and workshops to help startups understand how to develop and secure existing and new products
  • Cyber Innovation Event - talks and interactive workshops on the critical role new cyber startups play in new security innovation
  • Hackathon Event - a two day hackathon for developers, students, and the community focusing on innovative security concepts.
For more information and to get your FREE ticket, please view the event's website.
Share your chapter's successes! Submit your stories here
Return To Top

projects
OWASP Project Summit

Project Summit

This is where application security experts meet to discuss plans, projects and solutions for the future of application security. The Summit is not a conference - there are no talks or training seminars - this is an opportunity to do actual work to further the field of application security. We are holding the summit as part of our AppSec EU 2015 conference, but it is a separate activity from the conference itself. Participants will collaborate to produce tangible progress towards influencing standards, establishing roadmaps, and setting the tone for OWASP and application security for the coming years. The Summit will consist of Summit Working Sessions with a variety of topics set by our community. Participants are free to attend any working session, but we encourage everyone to select working sessions for topics where they have the most to contribute. Anyone can attend the Summit! OWASP community members, application security experts, industry players, and developers are all welcome at the Summit. If you would like to receive a personalized invitation for yourself or another person, contact Johanna Curiel.

Project Leader Information

Participant Information

    Where - Amsterdam RAI
  • When - May 20-22, 2015
  • Who - Open to anyone
  • Why? - Contribute to the future road map for Application Security
For more information check out the Summit Wiki Pages or contact a member of the organizational team:

ToolsWatch Top 10 Security tools of 2014 published

3 OWASP Tools are included in the ToolsWatch Top 10 Security tools of 2014! Congratulations to the projects and to the project leaders!<.

OWASP Global Translations

Since it's release in June 2013, The OWASP Top 10 has been translated into 12 different languages.
Visit the Top Ten Project Page to view all of the available translations.
There are other projects in need of translators and proofreaders, including The OWASP Testing Guide 4.0. Please help us in keeping OWASP a truly international organization!
Return To Top

Social Media
OWASP Foundation Social Media
Return To Top




Wednesday, January 14, 2015

SC Congress - London



980x295lonbackgroundimage


3 March 2015
8:30 am – 6:30 pm
ILEC Conference Centre
London SW 6, 1UD

Answer: Everything you need to know. 

As a seasoned cybersecurity professional, you recognize that your job is only as sound as your insider knowledge and your foresight.

So much to know. So much to learn.

Yet so much to be gained in just one day. The not-to-be-missed SC Congress London conference and expo – offering delegates an opportunity to earn up to 8 CPE credits – is your complimentary ticket to the latest insights on:

·       The Internet of Things: Experience it firsthand with our keynote demo

·       Big Data vs. Privacy Regulation – Hear from both sides of the debate

·       Cyber crime and public/private cooperation – Get in on the conversation

·       BYOD – The opportunities and threats that arise with personal mobile access in enterprise

·       The cyber solutions your company needs in our unique Exhibition Hall

·       The newest luminaries in the industry – and a chance to network face to face

Register today to reserve your space at no cost!

And that’s not all we have to offer. Check out SC Magazine’s website to download our mobile app, follow us on Twitter, and see all that SC has to offer. Stay informed with a print or digital subscription to our magazine, sign up for our newsletters, or attend an upcoming virtual event!




Tuesday, January 13, 2015

OWASP Foundation Welcomes Contrast Security as Premier Corporate Member


FOR IMMEDIATE RELEASE

OWASP Foundation Welcomes Contrast Security as Premier Corporate Member

With a Mission to Empower Any Organization to Secure Themselves, Contrast Security Contributes to OWASP to Make the World’s Software More Secure

Bel Air, MD – January 13, 2015 – The Open Web Application Security Project (OWASP), a worldwide not­for­profit charitable organization focused on improving the security of software, is pleased to welcome Contrast Security, creator of the world’s fastest application security software as a sponsor.

OWASP is an open community of over 42,000 participants dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor neutral with the collective wisdom of the best individual minds in application security worldwide.

“11 years ago we helped found OWASP to spur innovation and eliminate application security risks, which is now the single greatest risk to enterprises today,” said Jeff Williams, co­founder of both OWASP and Contrast Security. “Contrast is proud to continue this effort on two major fronts by both supporting the OWASP community directly and delivering effective technologies that empower organizations to quickly and accurately protect themselves against attacks on the software that drives their business.”

In addition to their membership, Contrast Security supports several OWASP conferences, including our recent OWASP AppSec USA 2014 Conference in Denver, CO and the upcoming OWASP AppSec California in Santa Monica, CA. All of our AppSec USA 2014 conference talks are available for free on our conference site here: http://2014.appsecusa.org/2014/about/live­streaming/. Contrast also supports and participates in various OWASP projects, chapters, and activities.

“Our Corporate members provide significant commitment to the OWASP mission with volunteer support as well as one­third of our funding. We are thrilled to have Contrast Security as a Premier Corporate member,” stated Kelly Santalucia, Membership & Business Liaison of the OWASP Foundation. “Contrast Security’s contributions toward our AppSec USA 2014 event demonstrated strong support for our global initiatives, and we are hopeful that others will follow their lead in giving back to the community.”

Contrast Security delivers the world’s fastest application security software that enables organizations to find and eliminate application security flaws faster, more accurately, and at a
page1image21064

greater scale than ever before. Unlike traditional tools, Contrast instruments applications with real­time sensors to instantly identify vulnerabilities.

About OWASP
The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true software security risks. For more information, visit: www.owasp.org. Follow us on Twitter at: @owasp

About Contrast Security
Contrast Security delivers the world’s fastest application security software that eliminates the single greatest security risk to enterprises today. Industry research shows that application security flaws are the leading source of data breaches. Contrast can be deployed, automatically discover applications and identify vulnerabilities within seven minutes. Relying on sensors instead of expensive security experts, Contrast runs continuously and is up to 10 times more accurate than the competition. Unlike tedious, painful and slow legacy approaches, Contrast analyzes a complete portfolio of running applications simultaneously in real time at any scale. As a result, organizations can act faster against threats and immediately reduce risk. More information on Contrast Security can be found at http://www1.contrastsecurity.com/.


MEDIA CONTACT:
Kelly Santalucia
OWASP Foundation 

kelly.santalucia@owasp.org
973.670.5784

### 

Friday, January 2, 2015

OWASP AppSec California January 26-28, 2015!


Happy New Year everyone!

I wanted to ensure that everyone was aware of our upcoming conference.

On January 26-28, OWASP AppSec California conference returns to the Annenberg Community Beach House right on the beach in Santa Monica California. A collaborative effort by the Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area chapters of the Open Web Application Security Project (OWASP), the event will feature world class speakers in a truly unique environment. The conference will be two days filled with multiple tracks, great networking, and a full day of training. Last year’s conference was a tremendous success, and according to those Symantec folks who have attended, it’s a must-go-to software security event!

You can expect the brightest lights in the information security industry at the podium and in the seats around you. AppSec Cali draws California's prodigious information security and management talent as well as expertise from around the globe. Senior executives, technical experts, information security practitioners and students attend AppSec Cali for the information and personal connections the event offers.

The conference venue sits on 5-acres of oceanfront property with spectacular views of the Pacific Ocean. Attendees will be able to enjoy the various indoor and outdoor spaces, meeting with the leading information security practitioners, researchers, and developers in California. 
AppSec California will feature four outstanding Keynote speakers: Alex Stamos, CISO at Yahoo; John Steven, CTO at Cigital; Charlie Miller, Security Researcher at Twitter; and Katie Moussouris, Chief Policy Officer at HackerOne. The full schedule can be found here: https://appseccalifornia2015.sched.org

Training courses have also been added to the agenda, including courses from the basic OWASP Top 10 – Exploitation and Effective Safeguards to more advanced topics such as Cryptography for the Modern Developer and everything in between. More information about the exciting training classes can be found at: https://2015.appseccalifornia.org/training

Who Should Attend AppSec California?
  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies,
  • Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance

IT Professionals Interested in Improving IT SecurityVarious sponsorship opportunities are available to allow all companies to gain exposure for their products and services. 



For more general event information, please visit the AppSec California 2015 website: https://2015.appseccalifornia.org/

Tuesday, December 30, 2014

OWASP Connector


OWASP Global Connector
December 29, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation
Communications

"The Only Constant is Change" - Editorial by Paul Ritchie, OWASP Executive Director

membership

Corporate Members

Individual Members

Conference

Global AppSec Events in 2014

Upcoming Regional Events

Partner and Promotional Events

2016 Call for Proposals

chapters

New OWASP Chapters

Chapter Activities

education

Upcoming Training Opportunities

Social Media

OWASP Foundation Social Media



Communications
OWASP Communications

"The Only Constant is Change" - Editorial by Paul Ritchie, OWASP Executive Director

This quote, commonly attributed to Heraclitus, a Greek Philosopher, sums up my first 5 months experience with OWASP. Our goal on the Operations Team is to support the OWASP community regardless of the hurdles and challenges along the way. 'Did you know' we accomplished the following in support of the OWASP mission.
  • Added Noreen Whysel as Community Manager
  • Hired Event managers for our AppSec & LATAM events
  • Completed a much needed Audit of our Finance & Operating procedures
  • Engaged a new accounting firm, KPMG
  • Engaged an Association Management company, Virtual Management
  • Performed our annual Board of Director Elections
  • Approved the new Committee 2.0 Program for community engagement
  • Updated the Wiki infrastructure
Sure, these all sound like Operations activities, but that's just one of our goals, to ensure the trains run smoothly so YOU, the OWASP Community can carry the message and activities of OWASP forward.
On behalf of the entire Operations team, we look forward to making 2015 an exciting and productive year for OWASP.
Paul Ritchie, OWASP Executive Director
Return To Top

Membership
OWASP Membership

New Corporate Members

Renewed Corporate Members

1933 Individual Members

  • 1231 Individual One Year Members
  • 306 Individual Two Year Members
  • 270 Regional One Year Members
  • 66 Honorary Members
  • 60 Lifetime Members
Return To Top

Conference
OWASP Conferences

Global AppSec Events

LATAM

LATAM Tour 2015

    Agenda
  • Santiago, Chile: April 8-9, 2015
  • Patagonia, Argentina: April 10, 2015
  • Bucaramanga, Colombia: April 14, 2015
  • Montevideo, Uruguay: April 15-16, 2015
  • Lima, Peru: April 17-18, 2015
  • San Jose, Costa Rica: April 21, 2015
  • Guatemala, Guatemala: April 21-22, 2015
  • Buenos Aires, Argentina: April 23-24, 2015
  • Caracas, Venezuela: April 23-24, 2015
    Additional Information
  • Call for Papers AND Training are now open. Submission deadline February 15, 2015
  • Sponsorship Opportunities are Available
EU

AppSec EU/Research 2015 (May 18 - 21, 2015, Amsterdam, NL)

Do you have an important advancement or opinion on application security?
Looking for your 45 minutes of fame?
Then you should definitely submit a proposal for papers or research!
Call for papers. Submission deadline is January 15, 2015
Call For research. Submission deadline is January 20, 2015
Please check the respective calls for prerequisites and submission instructions.
USA 2015 AppSec USA 2015 (September 22 - 25, 2015, San Francisco, CA)

Upcoming Local and Regional Events

AppSec California 2015 (January 26-29, 2015, Santa Monica, CA)
OWASP London Cyber Security Week (January 26-30, 2015, London, UK)
OWASP New Zeland Day (February 26-27, 2015, New Zeland)
NYC OWASP HACKNYC 2015 (March 18 - 19, 2015, NYC, NY)
LASCON 2015 (October 19 - 22, 2015, Austin, TX)
AppSec Rio de la Plata 2015 (November 17-20, 2015, Montevideo, Uruguay)

Partner and Promotional Events

ICCS (January 5 - 8, 2015) New York, NY
CodeMash Conference (January 6 - 9, 2015) Sandusky, OH
SecAppDev 2015 (February 23-27, 2015) Lueven, Belgium
SC Congress London (March 3, 2015) London, UK
Financial Services Cyber Security Summit Middle East & North Africa (March 9-10, 2015) Mena, Dubai
BlackHat Asia 2015 (March 24027, 2015) Singapore
Cyber Security Summit Europe - Financial Sector (April 14-15, 2015) Prague, Czech Republic
Cloud Security World 2015 (May 19-21, 2015) New Orleans, LA
SC Congress Toronto (June 10 - 12, 2015) Toronto, Canada

2016 Call for Proposals

OWASP encourages any community member interested in hosting an OWASP Global Conference to submit a proposal.
Hosting a conference requires both a commitment and a great deal of responsibility. A lot of time, energy and effort are needed during the proposing, planning and implementing phases of hosting a conference. For more information see the How to Host a Conference page.
The dates of each OWASP Global AppSec conference (or Tour) vary somewhat each year but ideally, the conference is held:
  • Latin America (this may be a LATAM Tour instead - Q1)
  • Europe - Q2
  • North America - Q3
  • Asia Pacific (this may be an APAC Tour instead)
To bid for a 2016 OWASP Global AppSec, please complete the OCMS form with the following information before February 27th, 2015.
  1. The proposed city and host chapter.
  2. The name of the intended local organizer and his/her team committed to the task for 2016 along with a brief explanation on why the conference committee wants to organize an OWASP Global AppSec.
  3. Previous conferences or local/regional events experience of the conference committee.
  4. The intended dates for the conference. (Typically includes 2 days of pre-conference training, followed by 2 days of conference talks).
  5. Venue recommendations. If possible, assurance that the following will be available:
    • Green room, storage room, breakout room, capture the flag area, etc.
    • A large auditorium. Other lecture rooms near the main auditorium.
    • Projection facilities in all rooms up to modern standards.
    • A suitable mixing space near the rooms for registration, breaks and other activities.
    • A hall near the rooms for sponsor exhibitions.
    • If possible, attach a tentative floor plan design.
  6. Budget. Please use the form on google docs HERE. (Since many of the categories of expenses are optional, consider this a check list. You can add as many items as you want and you do not need to fill in every box if you do not want it to be included in your event.)
  7. Possible "big name" speakers in AppSec who might be plenary speakers with low travel costs.
  8. Description of the nearby restaurants and accommodation facilities easily accessible from the conference site and reasonably priced.
  9. Anticipated help from volunteers before and at the conference.
  10. Realistic prospects for obtaining sponsorship from outside bodies, e.g., companies, universities, scientific institutes, media, government, etc.
  11. Accessible transport links to the venue.
  12. Local tourist attractions, e.g., historic sites, museums, buildings, galleries, parks, etc.
  13. Any other relevant information.
By submitting an application, you are already demonstrating your commitment to OWASP. We really appreciate every proposal we receive, however not every proposal will be approved. The selection process that will be made by the OWASP operations team with input from previous AppSec organizing teams. Please note that proposal completeness and accuracy are essential, moreover:
  • Preference will be given to the community that demonstrates more engagement.
  • Preference will be given to the team that has successful experience organizing local/regional events.
  • Preference will be given to a location that has not recently hosted a Global AppSec conference.
  • Geographic coverage will be considered when selecting conference sites.
Application submission begins January 1st. The deadline for applications is February 27th. Applicants will be notifiec by March 13th. Selected sites will have until March 20th to confirm that they will host the 2016 conference.
Should you have any questions concerning the proposal process or need assistance with you application, please do not hesitate to contact us.
Return To Top
bh europe
CLICK HERE for information on advertising in the next connector
Return To Top

chapters
OWASP Chapters

New Chapters

OWASP Madrid - created by several members of the OWASP Spain Chapter. Chapter Leader - Daniel Garcia
OWASP Myanmar - inaugural meeting was held November 30, 2014. Chapter Leader - Ye Thura Thet

Chapter Activity

OWASP Manila - hosts an event in Bulacan State Univerity to promote Cyber Security Awareness and the OWASP Top 10 Chapter Leader - John Patrick Lita Find Manila on Twitter @owaspManila
manila students
OWASP New Jersey sponsored New Jersey Institute of Technology's Capstone Showcase. During the event, chapter members mentored a student team in developing a software security project, and then participated on a judging panel to evaluate projects and give awards. New Jersey Chapter Leader - Tom Brennan.
Share your chapter's successes! Submit your stories here
Return To Top

education
OWASP Education and Training

Upcoming Training Opportunities

Return To Top

Social Media
OWASP Foundation Social Media
Return To Top