Monday, July 24, 2017

OWASP PROJECT SUMMIT USA 2017



September 19th - 20th, 2017
APPSEC USA 2017


Come join the Project Summit USA, an open forum of discussions and collaborations!

Let's make this a success. Sign up!

Add your Hot Topics here

Current Hot Topics Listed:
  • Discourse
  • Kickstarter
  • Reimbursement Process


Use this opportunity to demo your project to others at the summit, promote for sponsorship, gain feedback, get some contributors or simply brainstorm some ideas and add a few features.

Requirements for Participation:
  • Active OWASP Project started in the last 9 months.
  • Complete and updated wiki page with a clear roadmap.
  • Agenda and Deliverables for your project at the summit are required.
  • Deadline on September 5th!
Funding Opportunities: (through the Reimbursement Process)
  • $750.00 for Air Travel Assistance per OWASP Project
  • Two Nights of accommodations for the days of the Project Summit USA
  • OWASP Project Leaders (three leaders max) receive a complimentary pass for AppSec USA 2017.

Please use our contact us form with any questions or concerns.
Contacts at OWASP Foundation: Matt Tesauro and Claudia Aviles Casanovas

Monday, July 17, 2017

July 2017 Corporate Members


July 2017 Corporate Member

We would like to thank Peach for supporting the OWASP Foundation.  
Peach has contributed this month by joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.


Contributor Corporate Member

Peach Tech provides advanced security testing solutions and leading-edge products, such as the innovative + automated Peach APISecurity: Peach API Security intelligently executes a series of fuzz tests and passive security tests on your web APIs. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Peach APISecurity supports many CI systems and test suites, and transforms unit tests into security tests. We also developed the robust fuzzing platform Peach Fuzzer. We customize testing strategies for security-minded clients engaged in all stages of development. Leverage the power of Peach Tech to secure your world.

For more information, please visit: https://www.peach.tech/





Want your company name here? 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!  


Thank you to all of our Premier and Contributor Corporate Members for your support!

Wednesday, July 5, 2017

2017 WASPY Nominees Have Been Announced!




We are excited to announce the 2017 WASPY Award nominees!

We had a tremendous number of nominations this year. Thank you for nominating your favorite WASPY!

Best Community Supporter Category Nominees Are...
Aatral Arasu
Sean Auriti
Nicole Becher
Ken Belva
Tony Clarke
Dinis Cruz
Christian Folini
Joaquin Fuentes
Brendan Gormley
Tanya Janca
Jeremy Long
Akash Mahajan
Dhiraj Mishra
Denise Murtagh-Dunne
Owen Pendlebury
Mick Ryan
Sriram Shyam 
Michelle Simpson
Steve Springett
John Vargas
Tara Williams

Best Mission Outreach Category Nominees Are...
Aatral Arasu
Sean Auriti
Tony Clarke
Christopher Frenz
Joaquin Fuentes
Tanya Janca
Kitisak Jirawannakool
James Manico
Mateo Martinez
Mark Miller
Dhiraj Mishra
Owen Pendlebury
Sriram Shyam
Noreen Whysel

Best Innovator Category Nominees Are...
Aatral Arasu
Sean Auriti
Glenn & Riccardo ten Cate
Mark Deenihan
Seba Deleersnyder
Christopher Frenz
Joaquin Fuentes
Brian Glas
Evin Hernandez
Jeremy Long
Daniel Miessler
Dhiraj Mishra
Bernhard Mueller
Steve Springett
thc202



Best of luck to all the nominees!

More information about the WASPY Awards can be found here.















Monday, July 3, 2017

OWASP Code Sprint 2017 - Student Selections


The OWASP Foundation is pleased to announce the student selections for the OWASP Code Sprint 2017. There were 32 student proposals submitted, and it was a very challenging decision to select only 14 student slots.

Below are the Student Selections by Project:

OWASP Hackademic Project 
Student Selection:  Pavlos Zianos

OWASP DefectDojo Project
Student Selection: Eric Anderson

OWASP Appsensor Project
Student Selection: Rutuja Surve

OWASP Security Knowledge Framework  Project
Student Selections: Wojciech Reguła & Heeraj H Nair

OWASP ZCS Tool Project
Student Selection: Nikhil R

OWASP ZAP Project
Student Selections: Anamika Das & Blay Kevin Cedric Achi

OWASP Bug Logging Tool
Student Selections: Mohit Anand, Raghav Jajodia & Siddharth Goyal, Sourav Badami

OWASP OWTF Project
Student Selections: Anshul Singhal & Tikam Alma


More Mentors Welcomed
Do you want to become a mentor for a student?
Choose a participating OWASP project from the OWASP Code Sprint 2017 

Thank you to all the students that have submitted applications.

Program Leaders:
Konstantinos Papapanagiotou
Fabio Cerullo
Spyros Gasteratos

Claudia Aviles Casanovas, Project Coordinator

Sunday, July 2, 2017

OWASP Operations Update for July 2017

Welcome to the operations update for July 2017, the ongoing series of updates on what's happening at the OWASP Foundation.  Last month's post is available here.

In a bit of a departure from previous formats, we're starting with an announcement you may have already heard - OWASP Foundation employee #1 and #2 have left OWASP.  Alison (November 2007) and Kate (May 2008) had their last days at OWASP on Friday, June 30th.  The entire OWASP community owes a huge debt of gratitude to these two employees who helped turn a scrappy group of AppSec people into the thriving community that is OWASP today.  They've dealt with problems great and small while always keeping the OWASP core values in mind and seen drastic changes from:

  • Discovering there wasn't a signed contract for a venue a week out from the start of AppSec USA 2008 in NYC
      to
  • Hosting AppSec conferences in the US, EU, LATAM, APAC and many, many regional events
      or
  • Staff growing from an accountant to 8 (and now back to 6)
      or
  • Spreadsheets to Salesforce to over 10,000 community submitted cases worked
I'm not sure how you do this in a blog, but here goes:  <silence>moment</silence>

Please thank them for all their hard work over a decade and, if you see them in person, treat them to the beverage of their choice.  Now back to our regularly scheduled blog post...

OWASP IT Infrastructure Hosting - Modernizing and migrating the OWASP infrastructure 
  • Remaining hosts at Rackspace: OWASP wiki, Mailman server, Virtual-host server providing redirects and static content
    • These are on hold until staff is back to full strength
  • For the current status, see last month's update.
The Website Reboot - aka TWR - a major effort to update and modernize the OWASP web presence
  • Phase 1 is complete
  • Phase 2, 3 and 4 are in process
  • These are on hold until staff is back to full strength
  • For the current status, see last month's update.
The OWASP Communication Plan 
  • Discourse as a replacement for Mailman
    • On hold until staff is back to full strength
    • For the current status, see last month's update
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Goal 
  • TLDR: Host 4 trainings worldwide of ~500 attendees geared toward developers and entry-level security professionals - further details on the wiki.
  • 4 locations finalized: Israel, Tokyo, Boston, Bangalore
  • Call for Trainers anticipated to launch mid-July
Association Management System (AMS) Upgrade
  • Highly complex multi-step process taking 8 to 12 weeks
  • 95%+ complete
    • Membership, Renewals, Conference Registration, Multi-currency support, reduced need for discount codes and many more improvements
  • A few minor issues, tweaks, changes and bugs to work through before 100% complete
Projects 
  • AppSec USA 2017
    • CFP and CFT closed - Speakers and Trainers notified by July 5th
    • Final schedule upload to Shcd.org is nearly complete
    • Loads of final details being hammered out
  • AppSec EU 2018
    • Finalizing Gantt Chart
    • Conference budget built out
    • Multiple RFPs out for bid
  • AppSec APAC 2018 - proposal under review
Membership 
  • 59 Corporate Members
    • $180,000 (45% of yearly goal)
  • 2,733 Individual Members
    • $69,335 (63% of yearly goal)
  • 2017 WASPY Awards
    • Call for nominees closed on June 30th
    • 32 submissions excluding any last minute additions
  • 2017 Global Board of Directors Elections
    • 16 candidates as of June 30th
    • Milestone reminders are being sent to the community
  • Developer Summit at AppSec USA 2017
    • Looking for trainer/volunteers to present at this event!
  • Blackhat USA 2017
    • Kelly and Matt will be attending at the OWASP booth representing the OWASP staff
    • Volunteer slots have all been filled to help with the booth
    • Swag and other booth items ordered and will be shipped to the event
Community  
  • The first of several volunteer portal surveys is going out early July
  • Presentation from the Leaders Meeting at AppSec EU 2017
  • OWASP Summit in London retrospective
    • EU chapter leaders raised concerns about chapter legal status in the EU
    • EU VAT/tax issues were also raised
    • Storage of physical assets of chapters is a growing concern
    • Leaders would like reimbursement system to include standardized budget codes
  • OWASP LATAM
    • Spanish translation of the chapter orientation is in progress
Serving the Community 

Per the request of the OWASP Board, we've included these charts of the staff's interaction with the broader OWASP community via submitted cases to the Foundation.  We passed the 10,000 case mark in early 2017.

Cases for 2017


As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need something please let us know by using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the July 5th Board meeting.

Your friendly neighborhood OWASP staff:
  Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt

Monday, June 19, 2017

June 2017 Corporate Members


June 2017 Corporate Members

We would like to thank the following companies for supporting the OWASP Foundation.  
The companies listed below have contributed this month by either renewing their existing 
Corporate Membership or joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.


Contributor Corporate Members


Headquartered in downtown Manhattan, CipherTechs, Inc. is a privately held information security services provider. We focus on delivering security solutions for businesses harnessing the power of Internet communications. We audit, design and implement information security solutions in areas of IP networking, firewalls, application security, risk assessment, traffic management, encryption, redundancy and strong authentication. For more information, please visit http://www.ciphertechs.com.


Sonatype secures modern software development by fixing at-risk applications, automating policy throughout the lifecycle and identifying hidden risks in your applications. Sonatype's Component Lifecycle Management identifies and tracks OSS components, automates and enforces policy, and prevents the use of flawed components throughout the software lifecycle. Ask about free risk assessments. More information about Sonatype can be found here http://www.sonatype.com.

We are a software company and community of passionate, purpose-led individuals. We think disruptively to deliver technology that addresses our clients’ toughest challenges, all while seeking to revolutionize the IT industry and create positive social change. ThoughtWorks' 3,000 professionals serve clients from offices in Australia, Brazil, Canada, China, Ecuador, Germany, India, Italy, Singapore, South Africa, Turkey, Uganda, the United Kingdom and the United States. ThoughtWorks releases a regular technology radar, a study that looks at the key trends that impact the software development and business strategies. The Radar helps companies stay on top of topics that are constantly evolving, such as security, and offers insight and practical tools to build secure systems at every stage of the development process. For more information, please visit http://www.thoughtworks.com/




Want your company name here? 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!  


Thank you to all of our Premier and Contributor Corporate Members for your support!


Friday, June 16, 2017

AppSec USA 2017 Developer Summit Call for Session Volunteers



AppSec USA 2017 Developer Summit 

We are excited to announce that OWASP will once again be holding a two-day Developer Summit at AppSec USA 2017 on September 19 & 20, 2017. OWASP is providing a structured platform for developers two days prior to the AppSec USA 2017 conference. The Developer Summit will consist of sessions geared toward learning about security vulnerabilities.

If you have an interesting topic and would like to volunteer to host a training session, please SUBMIT HERE.  For topic ideas, you can reference the AppSec EU 2017 DevSummit agenda. There are limited funds available to help offset the selected presenters' travel and one night of hotel accommodations.

The Call for Presenters will close on July 14, 2017. Individuals will be notified on or before July 21, 2017 if their session was chosen. Please note: a conference ticket is NOT included, however you may purchase one separately. 

There is no charge to attend the Developer Summit, so come join us! If you plan on attending, we do ask that you SIGN UP so we have an estimated headcount and can be sure we have enough space and food.

More details and the agenda are coming soon!
Questions? Please submit them here.