Friday, June 2, 2017

OWASP Operations Update for June 2017

Welcome to the operations update for June 2017, the ongoing series of updates on what's happening at the OWASP Foundation.  Last month's post is available here.

Major efforts, status of those and important changes from the last time:

OWASP IT Infrastructure Hosting - Modernizing and migrating the OWASP infrastructure after Rackspace ended their donation of hosting.

  • Remaining hosts at Rackspace
    • OWASP Wiki
      • Servers for the wiki will be migrating to AWS - held for AppSec EU and the hiring of a new IT Contractor after the last one left for a startup - wishing them success in their new gig.
      • New IT Contractor started on June 1
    • Mailman server
      • Will be decommissioned after a gradual, phased migration to Discourse of the existing, active lists.  More on Discourse below.
      • Mail archives will be moved to a new server with the same URL structure
    • Virtual-host server providing redirects and static website content
      • Ansible created to deploy virtual-hosts for either redirects or static sites by adding a few lines to a config file
      • Ansible tested on the *.appseccalifornia.org domains successfully
The Website Reboot - aka TWR - A major effort to update and modernize OWASP's web presence
  • Phase 1 - Complete
  • Phase 2 - Wiki style updates
    • RFP for the wiki style upgrade is currently being drafted
    • RFP will include a responsive MediaWiki theme plus CSS and associated style guide
    • Style guide will be used to style other OWASP web sites such as Discourse, the blog, etc.
  • Phase 3 - Single Sign-on
    • SSO using @owasp.org identities will be POC'ed during the AMS migration
  • Phase 4 - Wiki content and organization
    • Internal R&D completed. RFP will be drafted after Phase 2 (Style) RFP
The OWASP Communication Plan 
  • Discourse as a replacement for Mailman
    • Dev instance deployed to assist with REST API automation efforts
    • Test instance deployed to alpha test structure and organization of content
    • Leader Sandbox being deployed to allow leader experimentation and to test SSO with @owasp.org and other identity providers (Github, Twitter, Facebook, ...)
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Goal 
  • TLDR: Host 4 trainings worldwide of ~500 attendees geared toward developers and entry-level security professionals - further details on the wiki.
  • 4 locations finalized
    • Israel - mid-October
    • Tokyo - late September
    • Boston - October
    • Bangalore - November
  • Call for Trainers content has been created, call for trainers will launch in June
Association Management System (AMS) upgrade 
  • Highly complex, multi-step process taking 8 to 12 weeks
    • Accounting module - Complete
    • Membership module - in process, waiting for custom dev work to complete
    • Events Module - in process, will be used for AppSec USA 2017 registrations
  • Current and future benefits
    • Multi-currency support in a single registration system
    • Significant improvement for event registration and membership renewals especially for OWASP Leaders
    • Reduced use of discount codes for registrations e.g. no more leaders code
    • Ability to modify an existing registration e.g. add training to an existing conference registration
    • Membership renewals - new 2 click process
    • Membership renewals - optional auto-renewals
    • Better insight for Chapter/Project leaders on the status of their efforts
      • Simplified Chapter/Project leader merchandise requests
    • Unified and streamlined funding and reimbursement requests
Projects 
Events 
  • OWASP Summit in London - there's still time to register and attend
  • AppSec USA 2017 - Orlando
    • CFP Round 1 complete - speakers and trainers notified
    • CFP Round 2 has begun - ends June 15th
    • Project Summit in Orlando at AppSec USA 2017 - Sign-ups now open!
    • Sponsorships to date: $335,000 - info on opportunities 
  • AppSec EU 2017 in Belfast was a fantastic event
  • OWASP at Blackhat USA 2017
  • WASPY Awards are right around the corner - start thinking of our awesome unsung heroes you'd like to nominate
Community
  • Successful group orientations in Japanese and Spanish for Chapter leaders
    • Fast growing languages among OWASP Chapters
    • Native language chapter organizations were coordinated successfully
  • Leader Workshop at AppSec EU
    • Major upcoming changes were discussed with leaders at that conference
    • Couldn't attend? See the blog post for the details you missed.
Serving the Community 

Per the request of the OWASP Board, we've included a chart of the staff's interaction with the broader OWASP community via submitted cases to the Foundation. We continue to push beyond the 10,000 total case envelope.

Cases for 2017


As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need something please let us know using the 'Contact Us' form. Also, feel free to attend, suggest or otherwise engage with the OWASP Foundation further at the June 7th Board Meeting.

Your friendly neighborhood OWASP staff:
    Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt 
