Global OWASP Connector - November 26, 2013
2013 Project Summit
I just wanted to take some time to thank all of the OWASP Project Leaders that participated in last week's project talks, and the OWASP Project Summit at AppSec USA in New York. Both activities were great successes. They could not have been as terrific without your hard work, dedication, and contributions. I hope to see you again next year!
Samantha Groves
OWASP Media Project
Jonathan Marcil, project leader, was at AppSec USA this past week recording our attending Project Leaders' presentations during the Summit. We now have an excellent collection of talks on our OWASP YouTube channel. If you want to watch, please visit our official YouTube channel.
Thank you to our Newest Corporate Member
Thank you to our Renewed Corporate Members
Proposed Change to Corporate Membership Model
Comment Period Open
The board voted to move to a tiered corporate membership model. This enables organizations to support OWASP at a variety of levels. We are still working on the details of the updated membership matrix. We are seeking input and feedback from current and potential corporate supporters on the proposed model.
Please take a few minutes to review the proposal and provide us with your feedback. You can email us at email@example.com.
New Membership Model Proposal
Thank you to EVERYONE who helped out with the OWASP Foundation AppSec USA 2013 event. In total we raised over $250,000.00 for the OWASP Foundation, and just a few media hits that mention the event are listed below, in line with our mission of raising awareness. The videos will be online here: Global OWASP YouTube Channel.
2014 Global Conference Schedule:
AppSec APAC 2014 - March 17-20, Tokyo, Japan CALL FOR PAPERS/TRAINING IS NOW OPEN
AppSec EU - June 23-26, Cambridge, UK
AppSec USA - September 16-19, Denver, CO
Local and Regional Events
OWASP BeNeLux - Nov 28-Nov 29, Netherlands
AppSec California 2014 - Jan 27-Jan 28, Santa Monica, CA
Partner and Promotional Events
OWASP has partnered with these great events in the latter half of 2013 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement, or will be attending and want to help out, contact us.
Atak i Obrona (Attack & Defense) 2013 - Poland, November 26
Cloud Security Alliance Congress 2013 - Orlando, FL, December 4-5 - OWASP Members receive a 10% discount by using discount code: CSA13/OWASP
Winter Hacker Festival 2013 presented by HackMiami - Miami, FL, December 5-7
Nullcon - Goa, India, Feb 12-15, 2014. Call for papers is open. Submit here.
Security Management Audit Forum 2014, Poland, February 19-20
Congratulations to the 2014 Foundation Board of Directors
Josh Sokol - NEW
Tobias Gondrom - NEW
Members at Large
Fabio Cerullo - NEW
Also, many thanks to Sebastien Deleersnyder and Dave Wichers for their many years of service on the OWASP board. While their involvement on the board will be coming to a close at the end of 2013, we fully expect we will continue seeing them at many AppSec and other OWASP events.
More information on the election and the candidates can be found on THE ELECTION PAGE.
Global Webinar Series
PHP Security Project
Abbas will walk us through the PHP framework and demonstrate proper usage of the tools and libraries.
10am EST - LIVE
9pm EST - Recorded Session
Updated OWASP Brand Resources
A comprehensive library of OWASP images, logos, avatars, and other marketing resources - as well as the research used to create these new logos - is now available on the wiki. Please use these images and brand guidelines when editing and creating content on behalf of OWASP.
LINK TO BRAND RESOURCES
Tuesday, November 26, 2013
Monday, November 25, 2013
The OWASP Japan Chapter is accepting papers and training submissions for AppSec APAC 2014, Tokyo.
We're accepting sessions in the following topics:
- Security aspects of new web technologies (HTML5, CSP, etc.)
- New Attack and Defense
- Mobile security
- Cloud security
- Automated security testing
- Security awareness and education
- Threat modeling
- Secure coding and code review
- OWASP Projects
- Case Studies
- Legacy system and maintenance
If you want to present a session in Tokyo, now is the time to send an e-mail to the selection committee at firstname.lastname@example.org providing them with:
- Title of your presentation or training session.
- Presentation type (talk or training).
- Language: Please note that all proposals and presentations must be in English or Japanese.
- Short description: A summary of the main idea of your proposal. Absolute limit of 30 words.
- Abstract: A concise description of the purpose, methods, and implications of your presentation. Length 150-200 words.
- Previous speaking experience (or references).
- Your bio.
- Your e-mail.
* The call for papers and training ends December 15, 2013 at 11:59PM JST.
* Notification of acceptance:
For more information please visit AppSec APAC 2014 Call for Papers and Trainings.
We are looking forward to seeing you in Tokyo!
I wanted to take a moment to thank EVERYONE who helped out with the OWASP Foundation AppSecUSA 2013 event.
In total we raised over $250,000.00 for the OWASP Foundation, and below I have included just a few media hits that mention the event in line with our mission of raising awareness. If you have additional items that I missed, please add them in the comments.
A FAQ has been about the videos - we have them coming online here: http://www.youtube.com/user/OWASPGLOBAL
AppSec USA Hits:
Study: Most Application Developers Don't Know Security, But Can Learn
Hack-a-thon Finds 220 Bugs in Facebook, Google, Etsy
How Facebook reveals your friends list even when it’s set to private
Going Back to the Future in the Name of Good Security
Moving from Do Not Track to Can Not Track
"Let's Do Security That Matters"
Information Security: We Still Have a Long Way to Go
Where Developers are Dropping the Ball – OWASP AppSecUSA
Information Security Buzz
If you are running your business on a mobile device you may be putting your customers at risk
iOS Point-of-Sale Devices Pose Security Risk
Wait, wait… don’t pwn me! – Game show on security news
Trusted Software Alliance
OWASP Foundation: New York Times CTO; Senior Executives from HP, Oracle, Bloomberg LP Among Confirmed Speakers For AppSec USA
Security: I think we can win
The perilous future of browser security
Training developers at appsecusa
Build but don't break
HTML 5: Risky Business of Security Tool Chest?
What could go wrong – thinking differently about security at app sec usa
Java and Oracle on security at app sec usa
DevOps and Portfolios
Accidental Abyss: Data Leakage
Introduction to the newest addition to OWASP Top 10
Everything we know about Web security is wrong
Not All CSRF Defenses are created Equal
AppSensor at AppSec USA in New York
Web Security, Usability and Design
AppSec USA 2013
AppSec USA 2013
AppSec USA, November 18-21, NYC
Software Developers' Journal
OWASP Foundation Presents: AppSecUSA 2013
OWASP AppSec USA 2013
Government Security News
OWASP AppSec USA 2013
Homeland Security Today
At @appsecusa hearing @joshcorman & @c7five discuss hacking cars, pacemakers & insulin pumps. Scary, sobering stuff.
Had an eye-opening experience at @appsecusa.
AppSecUSA Photos and comments from the show floor
Did we MISS SOMETHING? Add it to the comments.
Monday, November 18, 2013
Team OWASP - Bug Bounty Program Agreement
I agree to participate on Team OWASP, and share information amongst the team for purposes of collaborating on finding and disclosing security vulnerabilities in the authorized bug bounty programs listed below.
I will respect and follow the guidelines for responsible disclosure set forth by the authorized bug bounty programs. If you have questions about the details of these guidelines, please read the information provided on the links below.
For example, here are the first two items on LinkedIn's responsible disclosure policy:
I agree that any awarded bounties for vulnerabilities found by Team OWASP, will be paid directly to the OWASP Foundation.
- Facebook: https://www.facebook.com/whitehat
- Coinbase: https://coinbase.com/whitehat
- Evernote: http://evernote.com/security/
- Gallery Project: http://codex.galleryproject.org/Bounties
- Ripple: https://ripple.com/bug-bounty/
- 37 Signals: https://37signals.com/security-response
With mobile app
- Launchkey: https://launchkey.com/docs/whitehat
Web related apps:
- Umbraco: http://umbraco.com/
Friday, November 15, 2013
The ESAPI Hackathon Sessions will be going on throughout the Project Summit in New York.
Details and agenda available on: http://sched.co/1gFni6y.
Timing: Monday, Tuesday, Thursday, November 18, 19, 21, 2013, 10:30am - 5:00pm
Wednesday, November 20, 2013 12:00pm - 5:00pm
Location: Sky Lounge (16th Floor) (NY Marriott Marquis)
In this hackathon we will focus on building modular security controls that can be plugged into the brand new ESAPI 3.0 framework, allowing developers to quickly and easily integrate the security controls they need into their projects. During the hackathon, the ESAPI leaders will be on-site to get the effort kicked off, join in the coding fun, and present awards for submitted components on the final day! Join us to leave your mark on one of the most visible OWASP Code Projects in our arsenal, and help make tomorrow's applications more secure!
Take part in building the next generation of the Enterprise Security API.
To participate in the ESAPI Hackathon, add the session to your schedule on: http://sched.co/1gFni6y.
See you in New York!
Friday, November 8, 2013
Education and training are an important part of OWASP's mission, as they help not only in increasing awareness around application security but also in actually improving the security of applications.
The OWASP Academies program aims to bring together academic institutions from all over the world in order to collaborate towards increasing awareness on application security. The OWASP Academy Portal is the actual deliverable of this process: a portal that will provide various types of content (presentations, labs, etc.) to students and faculty who wish to learn or teach application security.
We would like to invite you to join us in the OWASP 2013 Projects Summit which is organized during OWASP AppSec USA 2013, in New York City from November 18th to November 21st.
During the Projects Summit we intend to kick start the Academy Portal, complete the initial design and add some actual content. The OWASP Academy Portal will then serve as the meeting point for application security in academia. Moreover, we will discuss various training models and the experience we have gained over the past years in order to build a model that will be subsequently used to train developers and anyone involved in securing applications.
The OWASP 2013 Projects Summit will serve as a meeting point for several members of the educational and academic community and a unique opportunity to network, collaborate, exchange ideas and experience.
The OWASP Project Summit is a smaller version of the much larger OWASP Summits. This year’s summit aims to give our project leaders the opportunity to have attendees sit down and work on project related activities during AppSec USA. It is an excellent opportunity to engage with active OWASP Project Leaders, and it gives project leaders the chance to move forward on their project milestones while meeting new potential volunteers that can assist with future milestones.
To participate in the Projects Summit Register for FREE for the “Expo and Career Fair Only Pass” and use the following discount code at checkout: NYC13_SUMMIT.
Looking forward to working with you during the OWASP 2013 Projects Summit,
Dr. Kostas Papapanagiotou
Thursday, November 7, 2013
AppSecUSA is 10 days away. Are you READY?
What to expect? Listen to the interview
With a SOLD OUT expo, (5) hard-core (2)-day training classes and over (150) speakers, panel and summit members, this will be the LARGEST OWASP APPSEC EVENT.
The local chapter team and staff have been working for many, many months to bring together the most amazing content focused on SOFTWARE SECURITY.
Full Website: http://www.appsecusa.org
Direct link to mobile schedule: http://appsecusa2013.sched.org/
YOUR ATTENDANCE OPTIONS
BASIC BADGE - $50 use code "NYCOWASP!" to "bypass" that <grin> everyone must register
FULL BADGE - to attend ALL briefing sessions and receptions you will need a full badge. We can offer a (5) pack for only $2,475, a 50% discount at only $495 each. So now's the time to make a friend, grab your office peers and contact us, or pick up individual badges at the now current and full price; see website: http://appsecusa.org/2013/register/
a) Want to LIVE HACK the largest commercial companies in the world and NOT GET ARRESTED? Join us for the bug bounty LIVE HACKING on the 18th and 19th overlooking the NYC skyline, and on the 20th in the main salon.
b) Special thank you to our sponsors; without them this event would have never been possible in TIMES SQUARE, NYC. Come have a BLOODY or BEER and thank them all for supporting this community of builders, breakers and defenders: http://appsecusa.org/2013/sponsors/
c) Are you a tweeter? Follow the LIVE updates @appsecusa and add hashtag #appsecusa, and also come by and say hello to TWITTER during the career fair; they are hiring, you know...
d) Do YOU want to lead the NYC Chapter or New Jersey chapter in 2014? Attend this session and join the local team http://appsecusa.org/2013/activities/chapter-leader-workshop-sessions/