OWASP Connector | December 30, 2015

OWASP 2015 - A Year of Milestone Achievements

Partner and Promotional Events

Contributing Corporate Members

OWASP 2015 - A Year of Milestone Achievements

Sometimes an open source, community driven, volunteer resourced group like OWASP feels like a bunch of individuals, all working separately without a great deal of coordination. BUT, then the magic of the OWASP curiosity, innovation and 'team-work' kick in, and great things happen. Did you know that OWASP Achieved the following milestones in 2015?

Held 2 of our most successful Global AppSec Events ever with record breaking attendance in both Amsterdam & San Francisco.

Held 2 Project Summits during AppSec 2015 that allowed 100's to jump in with 'hands-on' work on a variety of OWASP Projects.

Reached a new Individual Membership high of over 2,500 voting members who contributed to the OWASP Foundation.

Grew our Chapters significantly in 2015 including new chapters in India, Africa, Asia and eastern Europe.

Produced some major public releases of new Project content including Security Shephard v3.0, Application Verification Standard, Mobile Security, and Seraphimdroid v2.0 to name just a few!

Increased funding support for our Chapters & Projects with the hiring of a Full-Time Project Coordinator, as well a new policy on providing 'seed-money' funding to all Projects & Chapters that qualify.

There are so many more achievements in 2015 and all can be found in back issues of our OWASP NewsFlash & Connector newsletters.

On behalf of the entire Operations team, we look forward to making 2016 an exciting and productive year for OWASP.

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie@owasp.org

OWASP in the NEWS!

Hacker Earns 50k Miles by Exposing Vulnerability in United Airlines Website - HackRead.com

OWASP Proactive Tips for Coding Securely - DZone.com.

Toolswatch '2015 Best Security Tool' survey: Please vote for your favorite OWASP security tools! - Toolswatch.com

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Mark Miller - OWASP 24/7 Podcast Series

OWASP Projects

Project Updates

Claudia Aviles-Casanovas, our Projects Coordinator, has shared her latest Project Task Force Update. The task force is still seeking volunteers to review the OWASP SeraphimDroid Project:

https://docs.google.com/a/owasp.org/presentation/d/10zCyCtcJbU9Gf4TdQ4GKJG7vvfbhb_Lhk1rt6PW7S3M/edit?usp=sharing

Maura Van Der Linden has been contracted by Simon Bennetts to help with the new intro document to get users who are new to pen testing started in ZAP.

Thank you to Gabriel Gumbs for the donation: https://www.owasp.org/index.php/OWASP_Application_Security_Program_Quick_Start_Guide_Project

For anyone who wants to help with our Free Training initiative, Gabriel personally welcomes more contributions. Visit: https://www.owasp.org/index.php/Education/Free_Training

Call for Translators

Andrew van der Stock has issued a call for translations for the ASVS project! https://github.com/OWASP/ASVS

As such, we've committed v3.0.1 into GitHub and uploaded it to Crowd In: https://crowdin.com/project/owasp-asvs/

You don't HAVE to use Crowd In, but it would be nice to indicate to other native speakers of your language that you are willing to work together. This is a 70 page document, and in all honesty, will take a dedicated person a week or more to translate, so please please please work together rather than apart. You have full access to the original document and the original images.

In the next month or so, Andrew would like to close out all the issues logged in GitHub, so he will give active translators a heads up of any changes to the master document, so again, a good reason to use Crowd In so we know who you are.

If there are any incomprehensible English idiom or phrases in there, please don't hesitate to ask for clarification, because if it's hard to translate, it's almost certainly wrong in English as well. You can reach Andrew at vanderaj@owasp.org

	OWASP Events
Global AppSec Events
OWASP AppSecEU - CALL for PAPERS Don't miss the opportunity to present your Paper! 27 June - 1 July 2016 The next OWASP AppSecEU (http://2016.appsec.eu/) will take place at the Marriott Park Hotel in Rome, Italy. The Open Web Application Security Project is an open-source project for application security. Don't miss the opportunity to share and discuss your ideas and knowledge with other experts and practitioners. Present your paper now!! Spread the knowledge of this big opportunity within your chapter and push towards Universities, Research Centers, Industries, asking to present papers in order to make this conference a unique one!! Topics of interest include, but are not limited to: Novel web vulnerabilities and countermeasures New technologies, paradigms, tools OWASP tools or projects in practice Secure development: frameworks, best practices, secure coding, methods, processes, SDLC Browser security Mobile security and security for the mobile web REST/SOAP security Security of frameworks Large-scale security assessments of web applications and services Privacy risks in the web and the cloud Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC To submit a proposal use EasyChair. The program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Keep in mind: the better your description is, the better our review will be. Please review your proposal thoroughly as accepted abstract and bio submitted will be published 1:1 on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, which will be added to the website. Important dates: Submission deadline: January 15th, 2016 Notification of acceptance: February 29th, 2016 Conference date: June 30th - July 1st, 2016 Call for Training: https://2016.appsec.eu/important-dates/call-for-training Call for Presentation: https://2016.appsec.eu/important-dates/call-for-papers Sponsorship Document: http://2016.appsec.eu/wp-content/uploads/2015/10/AppSecEU-2016-Rome-Sponsorship-Document.pdf Regarding sponsorship, please let us know if you are interested in one of the options because we have already received several requests and we would like to sign all the contracts as soon as possible (within 31 Dec. 2015). Other Global AppSec Events We are still accepting sponsorships for AppSec Cali 2016 to be held in Santa Monica, California on January 25-27, 2016. Visit the website for details. AppSecUSA 2016 will be held on 11-14 October 2016 in Washington DC. Mark your calendars!
Regional and Local Events AppSec Cali 2016, Jan. 25, 2016 - Jan. 27, 2016, Santa Monica, CA New Zealand Day 2016, February 3, 2016 - February 4, 2016, Auckland, New Zealand Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America CyberSecurity 2016, May 16, 2016 - May 20, 2016, New York, NY, USA AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China Partner and Promotional Events CodeMash January 5 - 8, 2016 Sandusky, Ohio, USA BSides Lagos January 22, 2016 Nigeria SC Congress London, February 10, 2016 ILEC Conference Centre London, UK Blackhat Asia 2016, March 31 - April 1, 2016 Marina Bay Sands, Singapore. OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316 SC Congress Toronto, June 1, 2016 - June 2, 2016 Metro Convention Center Toronto, CN

Ads are not endorsements and reflect the messages of the advertiser only. They represent co-marketing arrangements
with other organizations in support of the OWASP Community. CLICK HERE for more information on advertising.

Black Hat Asia 2016, Singapore, March 29- April 1, 2016, USD$200 Discount: OWBR0316

OWASP Chapters

New Chapters

Himachal Pradesh, India: Pravesh Janartha, Leader (pravesh.janartha@owasp.org)
https://www.owasp.org/index.php/Himachal_Pradesh

Incheon, South Korea: Yong-Sik Choi, leader (yong-sik.choi@owasp.org)
https://www.owasp.org/index.php/Incheon

Medford, OR, USA: Michael Birkhead and Tracey Birkhead, leaders (michael.birkhead@owasp.org, tracey.birkhead@owasp.org)
https://www.owasp.org/index.php/Medford

Nagpur, India: Rahul Yadav, leader (rahul.yadav@owasp.org)
https://www.owasp.org/index.php/Nagpur

Ngaoundèré, Camaroon: Franklin Tchakounté, leader (franklin.tchakounte@owasp.org)
https://www.owasp.org/index.php/Ngaoundere

Sevilla, Spain: Carmelo Zubeldia and Ramón Salado, leaders (Carmelo.zubeldia@owasp.org, ramon.salado@owasp.org)
https://www.owasp.org/index.php/Sevilla

Timisoara, Romania, Cornel Punga, leader (cornel.punga@owasp.org)
https://www.owasp.org/index.php/Timisoara

Chapters Restarts

São Paulo: Roberto Soares, new leader (roberto.soares@owasp.org)
https://www.owasp.org/index.php/Sao_Paulo

Transitions

Atlanta: Tony Carter, new leader (tony.carter@owasp.org)
https://www.owasp.org/index.php/Atlanta

Patagonia: Diego Di Nardo (diegodinardo@gmail.com), joins Gaston Toth as leader
https://www.owasp.org/index.php/Patagonia">https://www.owasp.org/index.php/Patagonia

Tampa: Justin Morehouse is stepping down, Sunny Wear (sunny.wear@owasp.org), Jonathan Singer (jonathan.singer@owasp.org), and Brian Beaudry (brian.beaudry@owasp.org) will share leadership duties
https://www.owasp.org/index.php/Tampa

New Student Chapter

Sri Lanka Student Chapter - National School of Business Management: Ruwan Ranganath (ruwanranganathz@gmail.com) leader
https://www.owasp.org/index.php/Sri_Lanka_Student_Chapter

New Academic Supporters

University of Ngaoundèré, Ngaoundèré, Camaroon
Faculty Contact: Franklin Tchakounté, tchafros@owasp.org
http://www.univ-ndere.cm/

Mannheim University of Applied Sciences, Mannheim, Germany
Faculty Contact: Sachar Paulus, s.paulus@hs-mannheim.de
http://hs-mannheim.de/

Learn more about our Academic Supporter program

Notable Chapter Activity

Here is a summary of chapter activity in 2015. Thanks to all our new and veteran leaders for making this an outstanding year:

35 new chapters started

14 chapters restarted

9 new student chapters

9 new academic supporters

68 new leaders added, including restarts

2015 AppSec Summer School in Croatia

Vlatko Kosturjak sent us photos from OWASP Croatia's OWASP Application Security Summer School held in September at Fakultet Organiazacije Informatike (FOI). The program included speakers from industry and academia, who are experts in the field of web application security. The program presented students with practical, industrial problems focusing on attacks against web applications and protect against those attacks. The Summer School is an intensive program that includes 8h lectures and training sessions over 4 days, plus an additional, independent student project. The event was free for all students of FOI, and provided a certificate of completion.