This document provides a summary of the State of OWASP in 2015. It discusses the Open Web Application Security Project (OWASP) organization, including its purpose to drive visibility and evolution of software security. Key updates are provided on OWASP's strategic goals, operations team, chapters and conferences around the world, projects, finances, and community engagement. The community manager discusses developments with chapters and communications. The project coordinator reviews the project task force, summits, and OWASP's successful summer code sprint program.
1. OWASP & More
State of OWASP 2015
https://www.owasp.org
https://2015.appsecusa.org
Twitter: @owasp, @appsecusa
Tobias Gondrom – Board Chair
Paul Ritchie – OWASP Executive Director
Noreen Whysel – OWASP Community Manager
Claudia Casanova – OWASP Project Coordinator
Sept. 24, 2015
2. State of OWASP
• Welcome: A “brief story” about OWASP
• Updates from our Executive Director, Community Manager and Projects Coordinator
• Q&A
3. Who is OWASP?
• Free & Open
• Governed by rough consensus & running code
• Abide by a code of ethics (see ethics)
• Not-for-profit
• Not driven by commercial interests
• Risk based approach
4. Our Purpose & Our Core Values
Our Purpose: The OWASP Foundation will be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.
Our Core Values
• OPEN: Everything at OWASP is radically transparent, from our finances to our code.
• INNOVATION: OWASP encourages and supports innovation/experiments for solutions to software security challenges.
• GLOBAL: Anyone around the world is encouraged to participate in the OWASP community.
• INTEGRITY: OWASP is an honest and truthful, vendor agnostic, global community.
5. Strategic Goals for 2015
• Strengthen OWASP chapters and increase chapters’ abilities to spread the message of OWASP through locally organized and run events.
• Mature the OWASP Projects Platform: provide the OWASP projects community a mature project platform to encourage senior developers to participate in the various and many OWASP projects.
• Build a scalable OWASP training program that spreads security training around the world.
13. Our Strong OWASP Operations Team
• Executive Director: Paul Ritchie
• Operations Director: Kate Hartmann
• Membership and Business Liaison: Kelly Santalucia
• Event Manager: Laura Grau
• Projects: Claudia Casanovas
• Community Manager: Noreen Whysel
• Accounting: Alison Shrader
• IT Admin: Matt Tesauro (Contractor)
• Graphic Design: Hugo Costa (Contractor)
15. Thanks to our sponsors and supporters:
Contributing Sponsors:
Premium Sponsors:
16. OWASP is about you!
Free to use
Free to participate
Free to contribute
Join and help to make the Web, make the world more secure!
… join a chapter
… join a project
… join the global community list
… share the security knowledge.
17. Mission
• Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks
• How’d we do in 2014? See Annual Report themed “Growing, Learning, Sharing, Leading”
18. Strategic Goals & Metrics - 2015
• Chapter Development
• Volunteer Management
• Training
• Supporting & Maturing the Project Platform
• Finances
19. Chapter Development - 2015
• Our Global Footprint
• 28 New Chapters
• 8 Chapters Restarted
• More Chapter & Project Leader Training on Friday
Note: Recent new chapters in Africa
20. Volunteer Management
• Project Review Task Force Actively looking for Volunteers
• Over 25 Co-marketing agreements ‘signed’ with Speaker or free Booth space at outside event for OWASP Volunteers
• Wiki Volunteer & Initiatives page updated with Volunteer opportunities at University and 25 Chapter Leader openings
21. Training – Our Reach is Global
AppSec USA-SF 2015
• 1200 attendees
• 253 Training attendees
• 75+ Speakers
AppSecEU 2015
• 585 attendees
• 133 Training attendees
• 57 Speakers
LATAM 2015
• 724 attendees
• 42 Training attendees
• 70 Speakers
22. Training – Chapters Gone Wild (w/Training)
• AppSec-California Training 7 classes, 36 registrations
• NYC Hack Day Training 1 class, 19 registrations
• OWASP New Zealand Day 1 class, 12 registrations
• LATAM Tour 6 classes, 42 training attendees
• AppSecEU 13 classes, 133 registrations
• OWASP CONfidence (Krakow) 5 classes, (6 trainers/classes on website)
• OWASP SAMM Summit (Dublin) ~30 registrations, 10 paid
• OWASP Dublin Training Day 3 classes, 78 registrations
• … and so many more
23. Project Innovation & Output
• New projects added
• Updates & outputs on 2015
• Project Maturity update
• Project Summit & Summer of Code
• Bossie Award for Open Source Tools
– Highlighted: ZAP, Xenotix XSS, O-Saft, OWTF
24. Project Highlights – 2015
• 2 Project Summits held during AppSec Conferences to maximize participation
• OWASP’s own Summer Code Sprint hosted to support Projects
• Project Coordinator – Claudia updating the New Project & Project Review process & docs
• CISO Guide translated into Spanish
• Dependency Check 1.2.9 released
• Dependency Track 1.0.0 released
• Vicnum Project updated
• OWASP SAMM Project Summit – Dublin March 2015
• AppSensor – CISO Briefing released
• ZAP 2.4.0 released
• ZAP w/Docker introduction released
• ASVS version XX released
• OWASP KALP Mobile Project initiated
• OWASP Seraphimdroid project, version 2 released
25. OWASP Finances – Overall Strong & Growing
See Annual Report for details; full financial transparency & reports can be found on the OWASP Wiki.
26. Financial Snapshot
GROWTH 2013 - 2016
• Conferences remain an excellent channel for Training & Community sharing: 65% of Income & 50% of Expenses
• Projects / Chapter Funding represented ~$255K in 2015, with potential growth to the $300-400K range in 2016.
27. Project Funding & Chapter Funding – Where’s the Info?
• Need Project Funding?
• Need Chapter Funding?
• Got a Chapter Budget, need reimbursement?
• Submit here: https://www.owasp.org/index.php/Funding
28. The Big Reveal – AppSec US in 2016
OWASP Northern Virginia (@OWASPNoVA) and OWASP DC (@OWASPDC)
• OWASP AppSec EU 2016: Rome in June
• OWASP AppSec USA 2016: Washington DC – September
– Hosted by the Northern Virginia & Washington DC Chapters
30. Chapter Development
• 28 new chapters started in 2015
• 8 chapters restarted
• 26 chapters inactivated (some in process of restarting)
• 1 merged chapter (Kenya/Nairobi)
• 3 chapter splits (Spain, Argentina, Sweden)
• 53 new leaders added, including restarts
• 120+ cases & conversations with chapter leaders worldwide
31. Communications
• Community News Flash
• Social Media Announcements
• Mailing Lists
• SalesForce Messaging
• Personal Correspondence
32. Community News Flash
• First issue April 2015
• Sent to owasp-leaders and owasp-community lists
• Switched to Vertical Response in August 2015
• August 2015
– Sent to: 1,282
– Opens (257): 20.05%
– Clicks (52): 4.06%
– Bounces (13): 1.01%
– Unsubscribes (0): 0.00%
• September 2015
– Sent to: 1,269
– Opens (255): 20.09%
– Clicks (26): 2.05%
– Bounces (3): .24%
– Unsubscribes (1): 0.08%
33. Social Media
• Twitter (as of 8/31/2015)
– 4014 tweets
– 325 following
– 56,819 followers
• Facebook
– 9,062 Page Likes
– 8,839 Group Members
• LinkedIn
– 22,730 group members
– 12,800 followers
• Slack
– 399 members
– 76 channels
• Meetup
– 54 “OWASP” Meetup Groups
– 13,328 Members
– 1,416 Expressed Interest
– 50 Cities
– 17 Countries
34. Chapter Leader Workshops
Room F, Pacific Concourse
• Thurs 10:30AM - People and Capital
• Thurs 11:30AM - I’m a Leader. Now What?
• Friday 10:30AM - What’s In Your Toolbox?
• Friday 11:30AM - OWASP Wiki Edit-a-thon
• Friday afternoon - Flex sessions, continue the conversation
36. Project Task Force Recent Activity
Pending Graduation Review: (Submitted Last Week)
OWASP Security Shepherd
OWASP Seraphimdroid Project
OWASP Security Logging
New Incubator Projects Added:
• OWASP ZSC Tool Project
• OWASP Mth3l3m3nt Framework Project
Recent Project that Graduated to the next Level:
• Benchmark Tool Project
Review Results: Moved from Incubator Project To Lab Project
Projects Graduated from Incubator to Lab in June 2015
Category: Documentation
• OWASP Internet of Things Top Ten Project
• OWASP Pro Active Controls
• OWASP Top 10 Privacy Risks Project
• OWASP Reverse Engineering and Code Modification Prevention Project
Category: Code
• Mobile Application Security Project
• OWASP Python Security Project
37. Project Summit USA 2015
Projects Participating:
• OWASP Code Review Guide – Gary Robinson & Larry Conklin
• OWASP ASVS & OWASP Pro Active Controls – Jim Manico
• OWASP Python Security Project – Enrico Branca
• OWASP Security Shepherd – Mark Denihan
• OWASP Security Knowledge – Glenn Ten Cate
• OWASP PodCast – Mark Miller
• OWASP WAFEC (Starting up Activity)– Tony Turner
• OWASP O2 – Michael Hidalgo
38. Project Summit USA 2015
Columns: Project Name | Project Leader | Did the Project Summit help your Project? | Did you Accomplish it? | Deliverable
Project Name: OWASP Security Shepherd
Project Leaders: Mark Denihan, Pol Mac Cana
Deliverable: Updated the GitHub Wiki pages to a state where new users can easily add translation support to Shepherd components, add new language translations without difficulty, and create new Security Shepherd levels with the new specifications made in V3. Also created new Security Shepherd level templates. Eliminated issues that were blocking the progress of the Security Shepherd Docker file.
39. Over these last two weeks, OWASP Summer Code Sprint 2015 mentors and students have wrapped up activities.
We originally received 39 proposals and were able to select 8 students for the Summer Code Sprint 2015. The selection was difficult due to competitive proposals.
Results: All 8 Students passed the Final Evaluations.
Feedback & Experience:
• Amazing Performance!
• OWASP Seraphimdroid Project is now able to apply for a Project Review Graduation due to the work done with the student.
• Project quality and robustness increased like never before over the past 2 months!
• Excellent work, and worked beyond the original plan!
• Gained a contributor for the Hackademic Project.
• High level of dedication with excellent results
• Students were happy to work with such great mentors and excited about the projects.
[Chart: Results of Final Evaluations]
Fabio Cerullo, Initiative Leader
40. Summer Code Sprint 2015 Participation
Fabio Cerullo, Initiative Leader
Columns: Project Name | Mentors | Students
• OWASP OWTF – Mentors: Abraham Aranguren, Tao Sauvage, Bharadwaj Machiraju – Students: Arun Sori, Alexandra Sandulescu, Viyat Bhalodia
• OWASP Seraphimdroid – Mentor: John Melton – Student: Kartik Kholic
• OWASP AppSensor – Mentor: Nikola Milosevic – Student: Sumanth Damaria
• OWASP Hackademic – Mentors: Spyros Gasteratos, Paul Chaignon – Students: Anirudh Anand, Minhaz AV, Tapasweni Pathak
41. Project Updates
• OWASP Project Task Force
• Project Summit USA
• How to Start A New Project
• OWASP Project Dashboard
• OWASP 2014 Project Handbook
– Project Funding Request Form
– Project Spending Policy