Open Web Application Security Project
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
Wednesday, May 22, 2013
Planning on attending Black Hat USA this year? Are you a member of OWASP?
If you answered "yes" to both of these questions and would like to save 15% on your registration fee, please use discount code KobrLQ55.
Tuesday, May 21, 2013
OWASP Connector May 21, 2013
Monday, May 20, 2013
2013 OWASP Mobile Top 10 Call For Data
Hello All,
We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal publication. We are encouraging everyone to get involved.
The current Mobile Top Ten Risks are located here:
What do we need?
Right now we are looking for data that represents the current state of mobile application security. We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues. The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions. We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project.
How can you contribute?
Contributing data is easy. All we require is anonymized statistics on the vulnerabilities you’ve seen in 2012-Present. If you have data on real-world incidents and attacks to share, these will be of great value as well, as they will allow real-world impact to be better assessed. This can be just aggregate percentages; there is no need to tell us how many apps you’re doing if you’re not comfortable with that. Something like the below:
- Issue: Something related to geolocation
- Percentage Affected: X%
- Number Affected: Y (only if you are comfortable with this)
- Brief Description: This is a problem because xyz and also, bad things.
The data you submit does not necessarily have to reflect the current Top 10, it has to reflect what you are observing in the applications you analyze. At the same time, we would certainly love feedback on what you believe is correct or incorrect about the current list.
What happens next?
After a 60-day period we will review all submissions and re-draft the Mobile Top Ten based on the prevalence and impact of data provided by participants. After the submission period ends, there will be follow-on discussions and work to analyze the data. Participation in this initiative may require up to 10 hours of effort per week, so please take this into consideration before signing up.
Spread the word. Make a difference.
Also, any help spreading the word on the Mobile Security Project is immensely helpful. A Tweet/Facebook/LinkedIn post, blog entry, etc. This initiative will fail if people don't know about it. Anyone that you can promote this initiative to will help the cause.
We thank all of you in advance for your participation and hard work in making this initiative a success. Your participation will be noted and recorded when compiling the list of contributors for the final release of the Mobile Top 10 Risks documentation.
Get in touch and get involved.
Please direct any questions or concerns to the Top 10 Refresh leaders, Jason Haddix (jason.haddix@owasp.org), Jack Mannino (jack.mannino@owasp.org), and Mike Zusman (mike.zusman@owasp.org).
We will be using a Google Group to collaborate on the Top 10 refresh: https://groups.google.com/a/owasp.org/forum/?hl=en&fromgroups#!forum/owasp-mobile-top-10-risks
The OWASP Mobile Security project’s mailing list is also another way to get in touch with other contributors (owasp-mobile-security-project@lists.owasp.org).
Wednesday, May 15, 2013
2013 Board Election Call For Candidates & Honorary Membership
On behalf of the OWASP Foundation, I am happy to announce the 2013 OWASP Foundation Call for Board Candidates. This year there are three board seats open for election. We are now accepting Call for Candidates and Honorary Membership requests.
Individuals that are interested in running for the board are strongly encouraged to read the International Board of Directors Primary Responsibilities as well as the Eligibility Requirements for Board Candidates before submitting your Candidate Submission form. All candidates interested in running must be declared by August 16.
Honorary Membership is available for active project and active chapter leaders with their leadership positions on file prior to September 30. **ALL qualified individuals who wish to be granted Honorary Membership MUST apply for Honorary Membership in order to vote in this year's election.** Deadline to submit your self-nomination form for Honorary Membership is September 30.
For more information on this year's Board Election, including the Election Timeline, Call for Candidates form and the Honorary Membership form, please see http://owasp.com/index.php/2013_Board_Elections.
Wednesday, May 8, 2013
AppSecUSA $445 before May 15th
Early Bird Special: AppSecUSA 2013 NYC
Pardon the interruption, we wanted to save you $500 before May 15th
In the city that never sleeps (NYC), what could possibly happen when you have over 2500 Builders, Breakers and Defenders from around the world get together? Collaboration that drives innovation and a recipe for another high energy cyber security conference not to be missed!
This year, located in the heart of New York in Times Square, at the Marriott Marquis, November 18th - 21st, you will experience
* Briefings from industry experts on topics you care about
* Evolve OWASP projects at working sessions LIVE
* Meet hundreds of OWASP core contributors and project users
* Learn new skills from two-day hard core training classes.
If you have always wanted to see New York City this is your "ticket" -- bring the family or bring your team!
Additional activities
-----------------------------
* "Gringo WebHacker" in the Lockpick Village
* 5k NYC Run
* WIN the Capture the Flag for this year's bragging rights and cash prizes!
* CareerFair
* Broadway Shows -- Helicopter Rides we have been hard at work!
....... and much much more we're just getting started!
Register BEFORE May 15th and get your 2-day all access badge for only $445.00, a saving of $500
FULL DETAILS ONLINE AT: http://www.appsecusa.org
=======
Not able to attend the full event but want to learn what's new from the sponsors or attend the CareerFair? No problem, OWASP has you covered - register now using the event code of: NYCOWASP! (A $50 value) and receive a limited access badge to the TechExpo, CareerFair and the Capture the Flag competition
Interested in being a sponsor and reaching key technical influencers and decision makers? Opportunities are available; act today, space is limited: http://appsecusa.org/2013/sponsors/become-a-sponsor/
========
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP online at http://www.owasp.org
OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide
Tuesday, May 7, 2013
OWASP Connector May 7, 2013