Monday, February 20, 2017

February 2017 Corporate Members


February 2017 Corporate Members

We would like to thank the following companies for supporting the OWASP Foundation.  
The companies listed below have contributed this month by either renewing their existing 
Corporate Membership or joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.


Contributor Corporate Members
For more information please visit https://www.nccgroup.trust/us/



NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its Correlated VM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies. For more information, visit http://www.netspi.com


Oneconsult AG offers holistic cyber security consulting against external and internal cyber threats such as APT, hacker attacks, malware infection, digital fraud and data leakage. We specialize in information and IT security and are your trustworthy partner for identifying, assessing, preventing and addressing information and IT security threats. Our core services are penetration testsISO 27001 security audits and IT forensics. To protect your organization and mitigate specific information security risks, Oneconsult also offers practical security consultingsecurity training and virtual security officer services. Our technical tests for office IT and SCADA/ICS cover (mobile) application penetration tests, ethical hacking, client audits, configuration and code reviews as well as reverse engineering and targeted exploit development for APT audits. Oneconsult’s dedicated security research team detects dozens of zero-day vulnerabilities per year in standard software. We have already carried out 1000+ security projectssince 2003 and have become a trusted provider to 250+ organizations worldwide covering a wide variety of industries. For  more information, visit https://www.oneconsult.com/en/ 


For more information, visit https://www.ptsecurity.com/ww-en/


Twistlock provides the industry’s first enterprise suite for container security. We monitor container activities, manage vulnerabilities, detect and isolate threats targeting containerized applications. Our technologies enable enterprises to enforce consistent security policies from development to production, thus maximizing the benefits of container computing. For more information, please visit https://www.twistlock.com


Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves application security from inception through production so that businesses can confidently innovate with the applications they build, buy and deploy as well as the components they integrate into their environments. For more information, visit http://www.veracode.com/


WhiteHat Security has been in the business of securing web applications for 15 years. Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost and accelerate the deployment of secure applications and web sites. The company’s flagship product, WhiteHat Sentinel, is a software-as-a-service platform providing dynamic application security testing (DAST), static application security testing (SAST), and mobile application security assessments. The company is headquartered in Santa Clara, Calif., with regional offices across the U.S. and Europe. For more information, visit https://www.whitehatsec.com/


Want your name here? 
Find out how by visiting our Corporate Member information page, or contact our Membership & Business Liaison, Kelly Santalucia today!  

Thank you to all of our Premier and Contributor Corporate Members for your support!





Thursday, February 16, 2017

OWASP Comprises 30% of ToolsWatch.org Top Ten Security Tools for 2016

The OWASP Community produces a lot of amazing things. This month we are glad to share that three OWASP Projects have taken spots in 2016 Top Security Tools as voted by ToolsWatch.org Readers. Congratulations and many thanks to the project leaders and many contributors to these projects! 


Zed Attack Proxy


OWASP Zed Attack Proxy Project (ZAP), a penetration testing tool that combines automatic scanning and manual tools, was voted the 2nd most popular tool of 2016.  You can join Simon Bennetts and the ZAP team by visiting the ZAP GitHub or taking this survey.





OWASP VBScan Project, the black box vulnerability scanner which detects and analyses VBulletin CMS vulnerabilities in perl, was voted 3rd most popular tool of 2016.  You watch demonstrations on the wiki page or help by following up with Mohammad Reza Espargham on GitHub.





OWASP ZSC Tool Project placed 6th in the top ten for 2016.  The project generates customized shellcodes and convert scripts to an obfuscated script. You can contribute Ali Razmjoo and Johanna Curiel's python project on their GitHub.


Thank you for your votes!!
Congratulations OWASP Project Leaders!


.

Monday, February 13, 2017

OWASP PROJECT SUMMIT EU May 9th & 10th 2017


We are excited to announce the OWASP Project Summit EU May 9th & 10th 2017. OWASP is providing a platform for project leaders on the two full days prior to AppSec Eu 2017.  Project Summits are a place for project leaders and contributors to collaborate as well as provide feedback to OWASP. The platform provides an open forum setting for ideas, discussing innovations, gaining project contributors and sharing feedback for projects with the goal of helping them advance to the next level. Use this opportunity to demo your project to others at the summit, promote for sponsorship, gain feedback, or simply brainstorm some ideas and add a few features.


   This year’s project summit will include the opportunity to work on some of the hot
   topics and initiatives being discussed at OWASP. Please give us your feedback on
   which topics you’d like to see discussed at the summit.  We’ve listed some below--feel
free to suggest others:


  • Gamification of Projects
  • OWASP Documentation Projects into github/markdown & sharing content
  • Project Review Activities and the new Conversational Review methods



If you are looking for your company, chapter or project to support OWASP Projects, we also have Great Sponsorship Opportunities.


Let's make this a success Sign up!          




Requirements for Participation:
  • Active OWASP Project started in the last 9 months.
  • Complete and updated wiki page with a clear roadmap.
  • Agenda and Deliverables for your project at the summit are required.
  • Deadline on April 10th
Funding Opportunities: (through the Reimbursement Process)
  • $750.00 for Travel Assistance per OWASP Project
  • Two Nights of accommodations for the days of the Project Summit EU.
  • OWASP Project Leaders (three leader max) receive a complimentary pass for AppSec EU


Please use our contact us form with any questions or concerns.

Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas

Thursday, February 9, 2017

Should Your Chapter Start a Study Group?

Guest Post by Josh Sokol

Back in 2010, when I first took over as President of the OWASP Austin Chapter, I noticed that there were a number of chapter members who had an interest in getting their CISSP certification (myself included).  We knew that it would be a pretty large undertaking, spanning multiple months of effort, but also knew that we would all be more successful if we could work together and support each other through the process.  We found a test date that was far enough in the future to meet our goal of spending a week on each domain, plus a couple of weeks for review, and the first-ever OWASP Austin Study Group was born.  Each week, a different study group member was responsible for leading the discussion on a topic.  Usually it would be accompanied by a lightweight "review" slide deck and then the group would go over different sets of review questions for that week's domain together.  It worked out great with over half of the group taking their test on the goal date and almost everyone receiving a passing grade.

Once our CISSP Study Group had finished, we took a short break, but then decided that it would be fun to meet regularly on other topics.  We moved our meetings from several hours on Thursday evenings to an hour over lunch, once a week, and what began as a quest for a certification turned into a continuous pursuit of knowledge.  Over the past seven years, the OWASP Austin Study Group has covered dozens of topics ranging from the OWASP Developers Guide to WebGoat to the Web Application Hackers Handbook and beyond.  Today, we even offer to buy the next book for anyone who attends 75% or more of the study group sessions for the current book.  It is a fantastic way to keep participants engaged and ensure optimal participation each week.

So, how do you start a study group for your chapter?  The first step is to find a group of people who have a common interest.  This is super easy since your chapter meetings should be full of people interested in application security.  The next step is to find a place and time to meet.  Ideally, this should be someplace relatively easy for everyone to get to with free parking and enough space for everyone who wants to attend.  Having a projector or other audio-visual equipment available is a huge bonus.  Offices that allow outside visitors are ideal for this, but libraries, restaurants, or coffee houses could also make great meeting locations.  Lastly, you need to choose a topic.  Perhaps you want to start, like we did, with a goal of getting a certification like the CISSP, CEH, CSSLP, OSCP or similar?  Or, maybe you want to start easy with something like the OWASP WebGoat tutorials?  If you want some ideas, feel free to talk to me, but regardless of what topic you pick, you'll undoubtedly have a ton of fun learning new things while developing relationships with other security professionals in your area.  Have fun!

Monday, February 6, 2017

OWASP Project Releases


New Release 2/6/17
  • Change Session to no longer call/use ExtensionActiveScan.
  • Change ActiveScanController to obtain the excluded URLs (session and global) instead of having the Session to set them.
  • Change ExtensionActiveScan to allow to set a list of excluded URLs and to not change running active scans, normalizing the behavior with the normal spider.

New Release 1/19/2017 Latest Release Version 1.1.4

Code Pulse 1.1.4 brings along updates to the distributed stack:
  • ASM has been updated to version 5.1 - this enables Java 8 tracing support
  • Java, Jetty, and NW.js have been updated to the latest versions
  • Dependency-Check has been updated to the latest version



New Release 1/30/2017 Latest Release Version v2.21.2

  • The name field of all challenges was changed to a more human- and CTF-friendly form (see #264)

OWASP Off  The Record 4 Java

OWASP Foundation would like to welcome Project Leader Jigar Joshi !

Type of Project: Code Project
Brief Description:
Privacy is daily reality for many internet users. Eavesdropping user's content and using it for various reason is not desired by many of the application users. Putting trust on communication channel, service provider or government not to intercept your content is not a good idea.
OTR framework solves this problem by cryptographically processing the users content in transit and at rest. No eavesdropper can read the content, not even the service provider.

Friday, February 3, 2017

OWASP Operations Update for February 2017

Welcome to the operations update for February 2017.  This continues the series of blog posts updating the community about the happenings at the OWASP Foundation.  The previous post is available here.

Major efforts, status of those efforts and important changes from last time:

OWASP is evaluating hosting providers.  After Rackspace discontinued their donation of hosting services, OWASP is evaluating options for hosting its IT infrastructure.  We discovered this on January 31st after speaking with our account representative at Rackspace.

  • First, thanks to Rackspace for providing up to $2,000 USD in cloud hosting on Open Stack since the fall of 2011.  The long term donation of hosting was very helpful and greatly appreciated.
  • OWASP is reviewing our current hosting needs and evaluating whether to stay or migrate to a different hosting provider.  Wherever we end up, it will be an API-driven, elastic cloud based hosting provider.  After years of being on Open Stack, we don't want to leave a dynamic infrastructure environment.
  • A plan for hosting both short and long term will be in place by February 10th, 2017
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence.  Since last month, we've:
  • Continued to make progress on Phase 1 - updating the wiki to 1.27.x
    • Ansible to deploy the wiki servers has been written and tested
    • We are holding the deployment temporarily due to the unanticipated end of Rackspace's hosting donation
    • We're spending the week of Feb 6th to determine where to host the updated production version - either at Rackspace or a new provider.  This may require some minor changes to the Ansible deploys to replace the Rackspace specific portions.
  • Next up Phase 2
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large.  Here's where our efforts on this were focused in January:
  • Migration to Discourse from Mailman
    • SaaS provider setup a production instance of Discourse for OWASP in mid-January
      • Should have been an empty instance to fill with the migration data
      • Regrettably the provider moved our test data aka cruft over to production by mistake
      • The production site is getting the test data removed currently
    • Schedule for migration is up in the air due to the potential hosting changes and the demand on staff time to adjust and plan for that change.  Its on the short list, we're just not sure where at this moment.  Scheduling will be part of the hosting plan completed by February 10th, 2017.
  • Beta program for the Foundation's Global Meetup account is continuing.
Other Major Efforts in progress
  • Association Management System (AMS)
    • Kate completed a week long training on the new system - training was provided as part of the licensing of the AMS software
    • Implementation of the AMS including migration of the current system to the new system is planned for early February as soon as the membership plan (below) is finalized by the OWASP Board.
    • Migration is a complicated effort of contractors and OWASP staff and is expected to take between 8 and 12 weeks and include significant clean-up of our Salesforce data.
    • Blocked: waiting on the board decision on the proposed membership changed below
  • Updating Membership Models
Projects
  • Health Checks on all OWASP Projects were started during January and completed on the 30th
    • Beyond the normal health checks, all wiki and Salesforce data was cross-checked
      • Current releases for all projects were added to Salesforce in preparation for future project meta-data automation
    • Next steps
      • Abandoned and outdated projects in Salesforce will be cleaned up
      • Project Leaders will be contacted for any missing or out-of-date information
  • GSOC 2017 is gearing up!
    • Application for Participation will be submitted to Google on February 9th
    • 9 projects have submitted for participation
    • More information on the GSOC 2017 Blog post
  • Volunteers Needed
    • We've got several projects under review and need your help with reviews - let us know you're up for the challenge with the Contact Us form.
  • New Project: OWASP Off The Record 4 Java Project
  • Project Handbook Update
    • The content of the project handbook is being converted to Markdown and moving to Github in February for a thorough review and update 
      • PRs and issues are encouraged and will be gladly accepted - source controled, versioned Project Handbooks, oh my!
      • Look for an announcement later in February via the Leaders List and our various social networks of the Github repo for the Project Handbook
    • Once the new content is finalized, it will be converted from Markdown and posted on the wiki.
      • Future updates will happen on Github and the wiki page will be set to the current 'stable' version
Updates on events for 2017
  • 2017 started with a successful AppSec California 2017 conference on January 23rd to 25th
  • AppSec EU - Belfast, UK
    • Sponsors: 13 exhitbits + 3 a la carte
    • 4 keynotes confirmed
    • CFP closed & CFT closed with selection finalized
    • Call for Activities open
  • AppSec USA 2017 - Orlando
    • Call for Papers & Cal for Trainings in progress - available soon
    • Initial website launched
  • Many upcoming regional, local and outreach events - find out the details on the events wiki page
Membership and Outreach
  • Membership for 2017 is starting out strong - already at 10% of the yearly goal!
    • Total individual members: 2,430
    • Total corporate members: 69
  • Updated Membership information - check it out 
  • Membership video
    • Proposal to create a membership video was approved - work on it begins on February 6th
  • Membership Model Update board vote (mentioned above) is eagerly awaited so planning of the June membership drive can continue
Community
  • Chapter Leader Handbook is ready for review 
  • Other documents ready for review
  • Search and evaluation of a marketing company is pending finalizing the 2017 OWASP Foundation budget
As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need, let us know using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the February 8th Board meeting.

Your friendly neighborhood OWASP staff: 
     Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Monday, January 30, 2017

OWASP Connector January 2017

OWASP Connector | December 21, 2016
Communications

OWASP Operations Update

OWASP in the News!

projects

Project Graduation Updates

Combating the Vulnerability Chaos with OWASP DefectDojo

Google Summer of Code Program

Conference

Global AppSec Events

Local and Regional Events

Project Summits

Partner and Promotional Events

chapters

New Chapters!

Ottawa Chapter on Becoming a Community

membership

New and Renewing Corporate Members

New Membership Proposal

Social Media

OWASP Foundation Social Media


Communications
OWASP Communications

OWASP Operations Update

Operations updates are posted on the blog before each month's board meeting.  This update is from January 6, 2017
Welcome to the first operations update for 2017. We started monthly blogs about what's happening at the OWASP Foundation back in December.
Here's our major efforts and status of those in process starting with updates from last time:
The Website Reboot aka TWR - a major effort to update and modernize OWASP's web presence. Since last month, we've
  • Made progress on Phase 1 - updating the wiki to 1.27.x
    • Got the wiki source and all extensions in Git repos
    • Started coding Ansible to automate our deploys and updates
    • Production roll-out - mid-January
  • Next up Phase 2 - Updating the look and feel of the OWASP Wiki
    • Blocked: waiting for the 2017 Budget to get approved by the OWASP Board
The OWASP Communications Plan - a staff-created plan to professionalize how OWASP interacts with its community and the world at large. There’s a ton of moving parts to this effort but here’s what we focusing on currently:
  • Migration to Discourse
    • Evaluation of Discourse showed it would fit our needs
    • Worked with/reverse engineered the Discourse API to ensure we can automate:
      • Migration from Mailman
      • Future operational tasks
    • An empty production site is expected mid-January
  • Beta program for the Foundation's Global Meetup account is continuing.
Two new major, interlinked efforts
Two major efforts are starting this month - a significant upgrade to OWASP's Association Management System (AMS) and the proposed plan for updating our membership models.
  • Association Management System
    • Planned for February 2017
    • Runs atop the OWASP Foundation's Salesforce account
    • Handles many operational aspects: membership, conference registrations, etc
    • New AMS allows us to re-think our past membership model
    • Beginning the first week of February, we'll start the migration to the new AMS
    • Blocked: Board did not vote on the membership changes below during the Jan 11th Board Meeting; on hold until the February 8 board meeting.
  • Updating Membership Models
    • New plans created by staff based on past community, board and staff discussions
    • Account for diverse membership
    • Developed to optimize accessibility and growth
    • Request to the OWASP Community: Please provide feedback prior to the Jan 11th Board Meeting when staff is asking for approval of the new membership plans. The links above allow for public comments.
Projects
  • New projects
    • 2 Documentation projects
    • 5 Tool projects
    • 2 New Code Projects
    • Project Reviews
    • Multiple projects under review - look for requests for feedback this month!
Updates on Events for 2017
  • AppSec EU 2017
    • CFP & CFT Final Review
  • AppSec USA 2017
    • CFP and CFT planned to open by the end of January - look for announcements soon!
  • AppSec California 2017 happens January 23 - 25 in lovely Santa Monica CA
Membership and Outreach
  • Member numbers for December
    • 2048 Individual members
    • 70 Corporate members
  • Membership drive planning begins - tentative June launch
Community
  • Claudia and Tiffany have started the planning for an updated OWASP Volunteer program
    • Planned enhancements include searchable descriptions of opportunities, details including expected time commitment and volunteer profiles
  • Women in AppSec (WIA) Committee has been formed - Congrats!
  • Chapter Leader Handbook updates continue - draft version tentatively available at Feb Board Meeting
  • Pending a board vote: Request for a committee to be invite only as an exception to the Committee 2.0 rules
As always, the OWASP staff are here to help make the OWASP community even stronger. If you have any question, concern or need, let us know by using the ‘Contact Us’ form here.
Your friendly neighborhood OWASP staff:
Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt


OWASP in the NEWS!

OWASP AppSec California Brings Diversity to the Beach – ITSP Magazine, January 27, 2017
Cyber security career has massive potential – Belfast Telegraph, January 3, 2017

projects
OWASP Projects

Project Graduation Updates

Graduation is the process by which Projects move between Incubator, Labs, and Flagship levels. It includes a self review, followed by a review by our Senior Project Coordinator Matt Tesauro, and finally certified by our community through peer review. You can read about our recent Project Graduates or sign up to be a peer reviewer.


Combating the Vulnerability Chaos with OWASP DefectDojo

Greg Anderson invites you streamline your entire application security process by exploring DefectDojo with a live demo of the vulnerability aggregation tool.


OWASP is Once Again Participating in the Google Summer of Code Program

It is that time of year again! OWASP will participate in the Google Summer of Code (GSoC). We love that GSoC is a great vehicle to introduce students to both open source projects and application security with real, hands on projects. Long time Project Leader Konstantinos Papapanagiotou notes “GSoC is an amazing opportunity for projects to make significant progress in terms of code and attract new, enthusiastic contributors. On a personal basis I enjoy GSoC because it gives me the opportunity to interact with numerous students around the world and participate in one of the largest open source initiatives.”
To read more about this event and sign up to participate check out our blog post.

Conference
OWASP Events

Global AppSec Events

AppSec Europe 2017  8–12 May, 2017, Belfast, UK
AppSec USA 2017   September 19–22, 2017, Orlando, Florida, USA


Local and Regional Events

AppSec Africa 2017   February 1–2, 2017, Casablanca, Morocco
SnowFROC 2017   March 16, 2017, Denver, CO, USA
Latam Tour 2017   April 3–28, 2017, South America
OWASP Middle East Cyber Security Conference 2017   May 3–4, 2017, Dubai, UAE


Project Summits

OWASP Project Summit 2017 June12–16, 2017, London, UK


Partner and Promotional Events

Cyber Resilience & InfoSec 2017  February 6-7, 2017   Abu Dhabi, U.A.E.
SC Congress London   February 23, 2017   London, UK
CyberCentral   April 4-6, 2017   Prague, Czech Republic
QuBit Conference 2017   April 4-6, 2017   Prague, Czech Republic   OWASP members save 10% by using discount code: QB17OWASP
Cyber Security North Africa Summit   April 26-27, 2017   Cairo, Egypt  
SC Congress New York   May 2, 2017   New York, NY
Techno Security & Digital Forensics Conference  June 4-7, 2017   Myrtle Beach, SC
SC Congress Toronto   June 13-14, 2017   Toranto, Canada

AppSec EU 2017

chapters
OWASP Chapters

New Chapters!

Welcome to our new chapters in January!
Trichirappalli New Jersey Central
Chattanooga Surat
Vellore Iowa City
Ankara  
In 2016 OWASP grew in 2016—especially in Asia and the Middle East.
Jakarta Haryana
Mexicali Cebu
Malta Tallahassee
Varanasi Botswana
Richmond Punjab
Jodhpur Riviera Maya
Pondicherry Gandhinagar
Tripoli Sāo José dos Campos
Durgapur Medellin
Okinawa Fukushima
Burkina Faso Visakhapatnam
Alexandria Jalandhar
Cuttack  


From uni-directional to vibrant and dynamic: Ottawa Chapter on becoming a community

There are two challenges that consume most chapters: getting speakers and growing their community. The Ottawa Chapter documented their approach to growing 450% in one year. The key to their success was diversity of activities and actively courting a diverse membership. You can read more about their experiments on the blog.


Request for Blog Content

OWASP would like to start spotlighting chapter activity on our blog. If your chapter hosted and recorded an amazing talk that just NEEDS to be shared, or perhaps you ran a great event and would like to help other chapter follow suite think about writing a blog post to be shared on the OWASP Blog. Contact our community manager, Tiffany Long for more details.

Membership
OWASP Membership
We would like to thank the following companies for supporting the OWASP Foundation. The companies listed below have contributed this month by either renewing their existing Corporate Membership or joining OWASP as a new Corporate Member. Details about Corporate Membership can be found here.
 
Contributor Corporate Members
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
 
Organizations worldwide use Black Duck’s industry-leading products to automate the process of securing and managing open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.
 
Cybozu%2BLogo%2B2017
Cybozu is a Japanese cloud computing vendor founded in 1997. Its service supports effective team collaboration hence our services are widely used from large-scaled teams like multinational enterprises to small-scaled teams like volunteer groups, clubs even families. “kintone” is one of the Cybozu’s key products released in 2011.
It is called "no-code application platform" which makes work more productive through business applications. It is recognized as one of the leading vendors in” Gartner 2016 Enterprise application Platform as a Service (aPaaS), Worldwide Magic Quadrant”.
Cybozu has been focusing on security enhancement. It has started "bug bounty project" in 2013 to find any vulnerabilities which may exist in its product in order to provide its customers with the most secure service possible.
For more information about Cybozu, please visit https://www.cybozu.com/jp/.
 
Want your name here? Find out how by visiting our Corporate Member information page, or contact or contact our Membership & Business Liaison Kelly Santalucia today! Thank you to all of our Premier and Contributor Corporate Members for your support in 2017!


New Membership Proposal

Over the last several months there have been a number of ideas put forth for how to modernize our membership plan from simply adjusting the cost to developing an entirely new membership organization. Our current membership plan is in need of optimization. This proposal includes back end system integration upgrades and modern price tier structures.
Concurrently, OWASP is upgrading our Association Management System (AMS) this spring; some of the improvements in the AMS will allow us to think about membership in a host of new ways. To this end our Operations and Membership team have put together a Flexible Individual Membership plan and updated our Corporate Membership plan. These plans account for our diverse membership are developed to optimize accessibility and growth. We are asking for the Community to provide feedback and the Board to vote on them at the February 8 meeting so that they may be included in the February AMS migration.

Feedback can be submitted via the board list or by attending the board meeting

Social Media
OWASP Social Media

OWASP Social Media Sites