To make sure you receive future emails, please add [email protected] to your address book or safe list. OWASP Connector May 21, 2013 ================================================== MAY FEATURED OWASP PROJECT OWASP Mobile Security Project (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks) The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. The primary goal of this project is to classify mobile security risks, and provide developmental controls to reduce their impact our likelihood of exploitation. The primary focus is at the application layer. While consideration is taken into the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference. Additionally, focus is placed not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. Focus is heavily aimed towards the integration between the mobile application, remote authentication services, and cloud platform-specific features. NEW OWASP PROJECTS OWASP Good Component Practices Project (https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project) Project Leader: Mark Miller (mailto:[email protected]) Good Component Practice is one of the most overlooked silver bullets in the Open Source arsenal. Due to business pressure, we have found that companies are willing to risk using unverified open source components, trading off security for enhanced speed in development. This project will use community input to document an industry acceptable process for the creation, maintenance, and use of open source components. OWASP Bywaf Project (https://www.owasp.org/index.php/OWASP_Bywaf_Project) Project Leader: Rafael Gil Larios (mailto:[email protected]) The aim of this project is to develop an application that makes the work of an auditor much easier when conducting a Pen Test. The application's principal functions are to detect, evade, and give a vulnerability result utilizing known SQL injection, and other methods developed by professionals within the industry. PROJECT ANNOUNCEMENTS 2013 Mobile Top 10 Call For Data We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more formal document. We are encouraging everyone to get involved. Right now we are looking for data that represents the current state of mobile application security. We are soliciting not just vulnerability data, but also incident and attack data that reflects the real-world prevalence and significance of these issues. The goal in requiring both is to rank risks accordingly based on data as opposed to making assumptions. We will use this data to flesh out and re-evaluate the currently incomplete Mobile Top Ten Project. If you would like to et involved, please visit the OWASP Mobile Security Project wiki page (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks). Please direct any questions or concerns to the Top 10 Refresh leaders, Jason Haddix (mailto:[email protected]), Jack Mannino (mailto:[email protected]), and Mike Zusman (mailto:[email protected]). Do you want to host an event or propose OWASP involvement in an outreach event? Submit your event through the OWASP Conference Management System (OCMS) (https://ocms.owasp.org/) Thank you to MStar Semiconductor, Inc, our newest Corporate Member Thank you to AsTech Consulting for their Corporate Membership Renewal GET READY FOR THE 2013 SUMMER (http://owasp.com/index.php/Summer_2013_Membership_Drive) Cool Prizes New Membership Levels Become a LIFETIME Member Click the icon for all the details (http://owasp.com/index.php/Summer_2013_Membership_Drive) Apply for an Honorary Membership Get the Details and the Link to the form (http://owasp.com/index.php/2013_Board_Elections#Honorary_Membership) (http://appsecusa.org/2013/) AppSec Research 2013 (https://www.owasp.org/index.php/AppSecEU2013) 4th COUNTDOWN CHALLENGE RELEASED There will be a challenge posted on the conference wiki page every month up until the event in August. The winner of each challenge will get FREE entrance to the conference (a €420 value). Be sure to sign up for the conference mailing ( https://lists.owasp.org/mailman/listinfo/appseceu2013) list to get a monthly reminder. CLICK HERE (https://www.hacking-lab.com/events/registerform.html?eventid=444&uk=fxmycgUCHheeKvhUJs5aAYT8zfspa7yH) to access this challenge Complete instructions on this challenge (https://www.owasp.org/index.php/AppSecEU2013) OWASP is pleased to announce our upcoming Partner Events: ICCS 2013 (http://www.iccs.fordham.edu/) James R. Clapper, the Director of National Intelligence, will be the opening keynote speaker for the conference. Blackhat 2013 (https://www.blackhat.com/us-13/) (15% discount promo code for OWASP members is: KobrLQ44 - case sensitive) EC Council (http://www.eccouncil.org/conference/ ) - Use discount code TDCSTLOWASP for $99 conference passes OWASP Foundation www.owasp.org Contact Us (http://owasp4.owasp.org/contactus.html) OWASP Blog (http://owasp.blogspot.com/) Do you have some news? Submit your item to appear in the next connector HERE (http://owasp4.owasp.org/contactus.html) -------------------------------------------------- MAY 21 GLOBAL WEBINARS SCHEDULED TOPIC: Unraveling the mysteries of the OWASP WIKI Have you ever wondered how to find something on the wiki? Where are the projects? How do i volunteer? How, and more importantly - Why, do I become a Member? Join us for this webinar where the Ops team will walk through some of they mysterious links on the OWASP.org website. May 21, 2013 at 10am EDT (https://www3.gotomeeting.com/register/644990894) May 21, 2013 at 9pm EDT (GMT -5) (https://www3.gotomeeting.com/register/501721670) Links to the recordings of previous meetings can be found on the Initiatives Page (https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus)To review All of the opportunities, Visit the Initiaives page (http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing) OWASP Global Board Elections (http://owasp.com/index.php/2013_Board_Elections) The call for candidates is OPEN! (http://owasp.com/index.php/2013_Board_Elections) 2013 WASPY (Web Application Security People of the Year) Awards (http://owasp.com/index.php/WASPY_Awards_2013) It's time to submit your nominations for the 2013 WASPY (Web Application Security People of the Year) Awards! This year's awards will recognize our community's best in 5 different OWASP related category: - Best Chapter Leader - Best Project Leader - Best community supporter - contributor to chapter, project or initiative - Best Mission Outreach - grow the OWASP community - Best Innovator - willingness to try new ideas NOMINATIONS ARE OPEN CLICK HERE TO ACCESS THE FORM! (http://www.tfaforms.com/284578) OWASP would like to thank for stepping up to be a Platinum Sponsor for these awards in 2013! Additional sponsorship opportunities are available Here (https://www.owasp.org/images/2/2a/OWASP_WASPY_Sponsorships_Final.pdf)
_______________________________________________ To unsubscribe from the Owasp-all mailing list, you will need to unsubscribe yourself from all OWASP mailing lists you belong too. This list is automatically generated to allow OWASP to contact all it’s members in one distribution. Best regards, OWASP
