Global OWASP Connector September 3, 2013


Featured OWASP Project

OWASP Periodic Table of Vulnerabilities 
(https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities)

There are many anthologies of vulnerabilities and weaknesses (including CWE-25, 
TCv2, and the OWASP Top 10), but none of them classifies the issues according 
to how they are best solved.  In the past, we have tried to teach developers 
how to avoid introducing these problems, but the lesson of Buffer Overflow 
suggests that the only way we will ever eliminate a class of bug is to make it 
impossible for developers to write the vulnerable code in the first place.  The 
periodic table classifies each issue by its most scalable solution, whether 
that lies in frameworks, perimeter technologies, custom code, or fixes to the 
browsers and standards responsible.  If you would like to contribute, please 
visit the OWASP Periodic Table of Vulnerabilities page 
(https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities) or 
contact the project leader, James Landis (mailto:[email protected]).

New OWASP Projects

OWASP Framework Security Project 
(https://www.owasp.org/index.php/OWASP_Framework_Security_Project)

The OWASP Framework Security Project focuses on identifying security controls 
that are missing from popular frameworks, and on coordinating with the 
framework developers and leaders to integrate those controls effectively.  
This project requires collaboration between security experts, security-minded 
developers, and framework developers and leaders.  The primary deliverable of 
the project is source code that is accepted into the frameworks themselves.  
The OWASP Framework Security Project will maintain documentation indicating 
which security controls have been accepted, with links to the code and 
documentation at each framework.  For more information, please contact the 
project leader, Michael Coates (mailto:[email protected]).

OWASP SecLists Project (https://www.owasp.org/index.php/OWASP_SecLists_Project)

SecLists is a collection of multiple types of lists used during security 
assessments.  List types include usernames, passwords, URLs, sensitive data 
group strings, fuzzing payloads, and many more.  The goal is to enable a 
security tester to pull this repo onto a new testing box, and have access to 
every type of list that may be needed.  For more information, please contact 
the project leader, Daniel Miessler (mailto:[email protected]).

Project Announcements

New "ESAPI for Java" release - 2.1.0 
(https://code.google.com/p/owasp-esapi-java/downloads/detail?name=esapi-2.1.0-dist.zip&can=2&q=)

A new version of ESAPI for Java, release 2.1.0, has been uploaded to the 
Google Code downloads list and is also available via Maven Central.  The full 
release notes are included with the Google Code download here 
(https://code.google.com/p/owasp-esapi-java/downloads/detail?name=esapi-2.1.0-dist.zip&can=2&q=).
Most importantly, it fixes Google Code Issue #306 
(https://code.google.com/p/owasp-esapi-java/issues/detail?can=1&q=306&colspec=ID%20Type%20Status%20Priority%20Milestone%20Component%20Owner%20Summary&sort=-id&id=306),
which is closed with this release.  If you want more information on the 
release, or on the OWASP ESAPI Project, please visit the project wiki page 
(https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API).  
Alternatively, you may contact Kevin Wall (mailto:[email protected]) or 
Chris Schmidt (mailto:[email protected]) directly.

OWASP Top 10 2013:  Korean Version Released 
(https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf)

A big thank you to Yune Sung, Johnny Cho, and everyone involved in the effort 
to translate the OWASP Top 10 2013 into Korean.  The document can be 
downloaded here 
(https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf), and 
both the document and the contributors list can be found on the Translation 
Efforts tab here 
(https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Translation_Efforts).
Please reach out to Yune Sung (mailto:[email protected]) or Johnny Cho 
(mailto:[email protected]) if you have any questions about the translation.

OWASP ByWaf Project (https://www.owasp.org/index.php/OWASP_Bywaf_Project)

The OWASP ByWaf Project is looking for Python developers to help with the final 
stages of the project.  The project is a tool that bypasses WAFs, and its main 
function is to detect, evade, and display vulnerabilities.  If you are 
interested in contributing to the project, please contact the project leader, 
Rafael Gil Larios (mailto:[email protected]).

2013 OWASP Mobile Top 10 Call for Data 
(http://owasp.blogspot.com/2013/05/2013-owasp-mobile-top-10-call-for-data.html)

The project leaders for the OWASP Mobile Security Project are looking for data 
that represents the current state of mobile application security.  They are 
soliciting not just vulnerability data, but also incident and attack data that 
reflects the real-world prevalence and significance of these issues.  The goal 
in requiring both is to rank risks based on data rather than on assumptions.  
They will use this data to flesh out and re-evaluate the currently incomplete 
Mobile Top Ten Project.  If you are interested in contributing data to the 
project, please contact the project leaders Jason Haddix 
(mailto:[email protected]), Jack Mannino (mailto:[email protected]), 
and Mike Zusman (mailto:[email protected]).





Global Capture The Flag Competition is LIVE!!!!!!!

Are you ready for the first Global CTF?  The Irish Honeynet Project 
(@honeyn3t), in cooperation with OWASP, has built a CTF designed to engage 
first-time CTF players while also challenging the experienced.  Places for the 
games are limited, and you must register to play.  

The competition runs from now until the end of September.  The winners will be 
announced and recognized during AppSec USA 2013 in New York, NY.  

The purpose of the games is to provide an environment for people to have fun 
and learn about security!

Read more about the Global CTF Here 
(https://www.owasp.org/index.php/Global_ctf_challenge)
Register for the Global CTF Here (http://ctf.honeyn3t.ie/)





Thank you to our newest Corporate Member: Lynx Technology Partners

Thank you to Information Builders for their renewal

Thank you to Information Security Buzz (http://www.informationsecuritybuzz.com/), 
a new Media Supporter

The Membership Deadline to participate in the 2013 Global Board Election AND 
the 2013 WASPY awards is September 30, 2013.  Please visit the Membership Page 
(https://www.owasp.org/index.php/Membership) to get information on how to renew 
or how to join.




OWASP AppSec LATAM 2013 (https://www.owasp.org/index.php/AppSecLatam2013)

Registration is now LIVE!  Click here to register 
(http://www.cvent.com/events/owasp-appsec-latam-2013/event-summary-021d6ec627ad47eab3a9bf90c895a0f9.aspx) 
and take advantage of early bird pricing.


OWASP AppSec USA 2013 (http://appsecusa.org)

Click Here (http://appsecusa.org/2013/schedule/) for the full schedule of Talks 
and Training Classes

LOCAL AND REGIONAL EVENTS

Ghana Cyber Security (https://www.owasp.org/index.php/Ghana) - Sept 5-6; Ghana
OWASP New Zealand Day 2013 
(https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2013) - Sept 11-12; 
Auckland, New Zealand
LASCON 2013 (http://lascon.org) - Oct 24-25; Austin, TX



Meet our New Technical Project Advisors 
(http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html)

As the OWASP Projects Inventory continues to grow, we continue to work towards 
improving the operations side of OWASP Projects.  One of the major items on the 
agenda for 2013 is to review and update the current project assessment criteria 
and graduation process.  The update is needed as there are now over 100 OWASP 
Projects, and the assessment criteria and process must be able to meet the 
demand for quality reviews.  This is why the Technical Project Advisors were 
brought together.  Please help me in welcoming our new Technical Project 
Advisors.  Read our blog post for more information 
(http://owasp.blogspot.com/2013/09/meet-our-new-technical-project-advisors.html).
 




OWASP Webinar Series
GET YOUR CREDITS!

Register to participate in the OWASP Webinar Series.  This provides an 
opportunity to review some of the top security talks AND earn CPE credits!

Wednesday September 11, 2013
LIVE - Ken Johnson: RailsGoat Project Webinar
The RailsGoat project provides training for developers and security 
professionals, all specific to the Ruby on Rails framework.

10am EDT (Live Webinar): https://www3.gotomeeting.com/register/620491462
9pm EDT (replay of the Live Webinar): https://www3.gotomeeting.com/register/316151062

Wednesday September 25, 2013
LIVE - Josh Sokol: SimpleRisk Webinar
SimpleRisk is an open source tool designed to help manage and facilitate 
enterprise risk management.

10am EDT (Live Webinar): https://www3.gotomeeting.com/register/786573982
9pm EDT (replay of the Live Webinar): https://www3.gotomeeting.com/register/612148654

Wednesday October 9, 2013
LIVE - Global Board Candidate Questions and Answers
Interactive question-and-answer session with the Global Foundation Board 
candidates, facilitated by Kelly Santalucia.

10am EDT: https://www3.gotomeeting.com/register/926469654
9pm EDT: https://www3.gotomeeting.com/register/542971910

Wednesday November 6, 2013
LIVE - Kiran Karnad: OWASP Top Ten & Burp
Information and registration coming soon.


We want to highlight projects and research!  If you have a topic that you would 
like to present, please submit an abstract here:  Contact us 
(http://owasp4.owasp.org/contactus.html)



Review the Candidates 
(https://www.owasp.org/index.php/2013_Board_Elections#2013_Board_Candidates)
Review the Election Timeline 
(https://www.owasp.org/index.php/2013_Board_Elections#Election_Timeline)



Review the Nominees (https://www.owasp.org/index.php/WASPY_Awards_2013)




Best regards, OWASP
