January 2016 Community News Flash

In this Issue:

FEATURE: OWASP Global AppSec 2017 - Call for Proposals!

OWASP encourages any community member interested in hosting an OWASP Global Conference to submit a proposal.

The dates of each OWASP Global AppSec conference (or Tour) vary somewhat each year but ideally the conference is held:

To bid for a 2017 OWASP Global AppSec please complete the OCMS form http://www.tfaforms.com/301382 with the following information before February 29th, 2016.

  1. The proposed city and host chapter.
  2. The name of the intended local organizer and his/her team committed to the task for 2016 along with a brief explanation on why the conference committee wants to organize an OWASP Global AppSec.
  3. Previous conferences or local/regional events experience of the conference committee.
  4. The intended dates for the conference. (Typically includes 2 days of pre-conference training, followed by 2 days of conference talks).
  5. Venue recommendations. If possible, assurance that the following will be available:
    • Green room, storage room, breakout rooms, etc.
    • A large auditorium. Other lecture rooms near the main auditorium.
    • Projection facilities in all rooms up to modern standards.
    • A suitable mixing space near the rooms for registration, breaks and other activities.
    • A hall near the rooms for sponsor exhibitions.
    • If possible, attach a tentative floor plan design.
  6. Budget. Please use the Application Form on Google Docs. (Since many of the categories of expenses are optional, consider this a checklist. You can add as many items as you want, and you do not need to fill in every box if you do not want it to be included in your event.)
  7. Possible "big name" speakers in AppSec who might be plenary speakers with low travel costs.
  8. Any other relevant information.

By submitting an application, you are already demonstrating your commitment to OWASP. Hosting a conference requires both a commitment and a great deal of responsibility. A lot of time, energy and effort are needed during the proposing, planning and implementing phases of hosting a conference. For more information, see the How to Host a Conference page (https://www.owasp.org/index.php/How_to_Host_a_Conference). We really appreciate every proposal we receive. The selection will be made by the OWASP operations team.

Application submission begins January 1st. The deadline for applications is February 29th. Applicants will be notified by March 18th.

Should you have any questions concerning the proposal process or need assistance with your application, please do not hesitate to contact me.

We are looking forward to your proposals!

Laura Grau
Global Conference Manager
OWASP Foundation
laura.grau@owasp.org


FUNDING: Updated Balances

Per recent changes to our funding procedures, some of our chapters and projects that ended the year with less than $500 will be seeing an increase in their funding allocations. Only those with current activity and at least two leaders will see the increase. Please watch for a notice of your new funding balance. If you do not see an increase, be sure that your wiki page reflects your current activity and has contact information for at least two leaders. If you need assistance, let Community Manager Noreen Whysel know at noreen.whysel@owasp.org.

Keep in mind also that one of the best ways to raise funds is to recruit new, paid memberships and local sponsors. Individual memberships are a low $50 per year (prorated in some countries) and corporate memberships are available at $5,000, $20,000 and $50,000, a portion of which can be allocated to a chapter and/or project. Local sponsorships can also be allocated directly to your project or chapter. Direct prospective sponsors to the "Donate" button on your chapter or project's wiki page.

See the results of several board proposals affecting funding for 2016: https://www.owasp.org/index.php/OWASP_Board_Votes#Voting_Records

You may check your account balance and funding history here:

Chapters:

Projects


PROJECTS: What's Right, What's Wrong & What Needs to Change

OWASP Projects are the CORE of the Foundation. As we kick off 2016 join together with your peers to discuss PROJECTS: What's Right, What's Wrong & What Needs to Change.

When: Wed, Jan 27, 2016 3:00 PM - 4:00 PM EST
Where: ONLINE
RSVP: https://attendee.gotowebinar.com/register/7141369075633328641

Volunteer Agenda

You can be part of the problem or the solution... that choice is yours - forward as appropriate.

Pre-Requisite Read Ahead
https://www.owasp.org/index.php/OWASP_Project_Inventory
https://www.owasp.org/index.php/Category:OWASP_Project

Moderator: Tom Brennan, Volunteer

Call for Comments: OWASP Projects Handbook

What makes a good project great? We know you want to make great projects. The OWASP Projects Handbook can help. And now that we have come together as a community to discuss making great projects, it's time to give us your feedback.

A Call for Comments on the OWASP Projects Handbook update is now open. We invite project participants to visit the OWASP Projects Handbook draft on Google Docs and enter comments. You can also download a PDF version from the OWASP Projects wiki page and forward comments to Claudia Aviles-Casanovas at claudia.aviles-casanovas@owasp.org.

Project Updates

OWASP Security Knowledge Framework: A new release of the OWASP-SKF project is now available!

https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework https://www.securityknowledgeframework.org

This new release contains a lot of new features such as:

Chef cookbook for setting up the SKF project:
https://skf.readme.io/docs/installation#section-automated-installation-with-chef
https://github.com/blabla1337/owasp-skf-chef

ASVS: The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. Jim Manico will host a call on March 22 to discuss new features in ASVS. Save the date to your calendar and sign up to be reminded as we get closer:

OWASP Goto Webinar: https://attendee.gotowebinar.com/register/5561919523333176577

For more information about the ASVS project, read this latest interview with Andrew van der Stock from The Register: http://www.theregister.co.uk/2016/01/12/owasps_revamped_developer_guide_will_help_you_pass_pen_tests/

ASVS v3.0.1 has been committed to GitHub and uploaded to our translation platform on Crowdin. The call for translations for the ASVS project remains open.

https://github.com/OWASP/ASVS
https://crowdin.com/project/owasp-asvs/

You can reach Andrew van der Stock about volunteering at vanderaj@owasp.org.

OWASP 24/7 PodCasts

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.


CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016

New Chapters

Restarted Chapters

Leader Transitions

There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open positions: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

New Student Chapters

Learn more about our Student Chapters and Academic Supporter programs.

Notable Chapter Activity

OWASP Delhi submitted a comprehensive year-end report for chapter activities since its restart in January 2014, complete with photographs and a summary of expenses. A video from the March 2015 meeting was also sent by the CISO of Sapient, who served as host for that meeting. Chapter Leader Sandeep Singh would like to offer this reporting structure as a model for other chapters to adopt in planning the year's activities. You can view the report in Google Docs.

While you are planning for 2016, here is a great idea that Tom Brennan passed along. This year, Tom will be serving as the Chairman of the NYMJCSC: New York Metro Joint Computer Security Conference, an annual event that is in its third year in NYC. Last year's event included the following organizations:

The New York City chapter advertises this event as a multi-track meeting for October. Wouldn't it be great for all OWASP Chapters to collaborate with other industry peer groups in October (which is Cyber Security Awareness Month in the US)?

The NYMJCSC 2016 website is in the planning stage, but you can visit the NYMJCSC 2015 event website at: http://www.nymjcsc.org/ for details. If you are in the New York City area this Fall, the Save the Date is October 5th.

Restarting an Inactive Chapter

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:

https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


EVENTS: Upcoming AppSec Events

Global AppSec Events

The Call for Papers for AppSec Europe 2016 ends on the 15th of January. That's TOMORROW! Be sure to send in your abstracts today:
http://2016.appsec.eu/important-dates/call-for-papers/

Did you know that OWASP's AppSec Europe event made TripWire's Top 11 Security Conferences? Read more at "OWASP AppSec EU made TripWire's list of the Top 11 Security Conferences in the world". We are very proud of our AppSec Europe team.

Regional and Local Events

Partner and Promotional Events

Watch the AppSec Conference page for updated event listings. Be sure to enter your upcoming event into the OWASP Conference Management System so we can promote it and provide assistance.


RESOURCES

Project Inventory:
https://www.owasp.org/index.php/OWASP_Project_Inventory
https://www.owasp.org/index.php/Category:OWASP_Project

Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook

Funding Resources:
https://www.owasp.org/index.php/Funding

Donation Scoreboard - Current Chapter and Project Funding Allocations:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

OWASP Conference Management System:
https://www.owasp.org/index.php/Owasp_Conference_Management_System


CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation

Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/