This document provides a summary of the State of OWASP in 2015. It discusses the Open Web Application Security Project (OWASP) organization, including its purpose to drive visibility and evolution of software security. Key updates are provided on OWASP's strategic goals, operations team, chapters and conferences around the world, projects, finances, and community engagement. The community manager discusses developments with chapters and communications. The project coordinator reviews the project task force, summits, and OWASP's successful summer code sprint program.

1. OWASP & More
State of OWASP 2015
https://www.owasp.org
https://2015.appsecusa.org
Twitter: @owasp, @appsecusa
Tobias Gondrom – Board Chair
Paul Ritchie – OWASP Executive Director
Noreen Whysel – OWASP Community Manager
Claudia Casanova – OWASP Project Coordinator
Sept. 24, 2015

2. State of OWASP
• Welcome: A “brief story” about OWASP
• Updates from our Executive Director,
Community Manager and Projects Coordinator
• Q&A

3. Who is OWASP?
Free & Open
Governed by rough
consensus & running
code
Abide by a code of
ethics (see ethics)
Not-for-profit
Not driven by
commercial
interests
Risk based approach

4. Our Purpose & Our Core Values
OPEN: Everything at OWASP is radically
transparent from our finances to our code.
INNOVATION: OWASP encourages and
supports innovation/experiments for
solutions to software security challenges.
GLOBAL: Anyone around the world is
encouraged to participate in the OWASP
community.
INTEGRITY: OWASP is an honest and
truthful, vendor agnostic, global community.
Our Core Values
Our Purpose: The OWASP Foundation will be the thriving global community that
drives visibility and evolution in the safety and security of the world’s software.

5. Strengthen OWASP chapters and
increase Chapter’s abilities to
spread message of OWASP through
locally organized and run events.
Mature the OWASP Projects
Platform: Provide the OWASP
projects community a mature
project platform to encourage
senior developers to participate in
the various and many OWASP
projects.
Build a scalable OWASP training
program that spreads security
training around the world
Strategic Goals for 2015

6. 130
Active Projects

7. 268
Active Chapters

8. 44,000+
participants mailing lists

9. 88+
Government & Industry Citations!

10. 100+
Academic Supporters

11. 55
Paid Corporate Memberships

12. 2458 Members

13. Our Strong OWASP Operations Team
• Executive Director: Paul Ritchie
• Operations Director: Kate
Hartmann
• Membership and Business
Liaison: Kelly Santalucia
• Event Manager: Laura Grau
• Projects: Claudia Casanovas
• Community Manager: Noreen
Whysel
• Accounting: Alison Shrader
• IT Admin: Matt Tesauro
(Contractor)
• Graphic Design: Hugo Costa
(Contractor)
13

14. OWASP – chapter meetings and conferences
around the world

15. Thanks to our sponsors and supporters:
Contributing
Sponsors:
Premium Sponsors:

16. OWASP is about you!
Free to use
Free to participate
Free to contribute
Join and help to make the Web, make
the world more secure!
… join a chapter
… join a project
… join the global community list
… share the security knowledge.

17. Mission
• Our mission is to make software security visible, so
that individuals and organizations worldwide can
make informed decisions about true software
security risks
• How’d we do in 2014? See Annual Report themed
“Growing, Learning, Sharing, Leading”

18. Strategic Goals & Metrics - 2015
• Chapter Development
• Volunteer Management
• Training
• Supporting & Maturing the Project Platform
• Finances

19. Chapter Development - 2015
• Our Global Footprint
• 28 New Chapters
• 8 Chapters Restarted
• More Chapter &
Project Leader
Training on Friday
Note Recent
New Chapters
in Africa

20. Volunteer Management
• Project Review Task Force Actively looking for Volunteers
• Over 25 Co-marketing agreements ‘signed’ with Speaker or
free Booth space at outside event for OWASP Volunteers
• Wiki Volunteer & Initiatives page updated with Volunteer
opportunities at University and 25 Chapter Leader openings

21. Training – Our Reach is Global
AppSec USA-SF 2015
• 1200 attendees
• 253 Training attendees
• 75+ Speakers
AppSecEU 2015
• 585 attendees
• 133 Training attendees
• 57 Speakers
LATAM 2015
• 724 attendees
• 42 Training attendees
• 70 Speakers

22. Training – Chapters Gone Wild (w/Training)
• AppSec-California Training 7 classes, 36 registrations
• NYC Hack Day Training 1 class, 19 registrations
• OWASP New Zealand Day 1 class, 12 registrations
• LATAM Tour 6 classes, 42 training attendees
• AppSecEU 13 classes, 133 registrations
• OWASP CONfidence (Krakow) 5 classes, (6 trainers/classes on website)
• OWASP SAMM Summit (Dublin) ~30 registrations, 10 paid
• OWASP Dublin Training Day 3 classes, 78 registrations
• …..And so many more

23. Project Innovation & Output
• New projects added
• Updates & outputs on 2015
• Project Maturity update
• Project Summit & Summer of Code
• Bossie Award for Open Source Tools
– Highlighted: ZAP, Xenotix XSS, O-Saft, OWTF

24. Project Highlights – 2015
• 2 Project Summits held during AppSec Conferences to maximize participation
• OWASP’s own Summer Code Sprint hosted to support Projects
• Project Coordinator – Claudia updating the New Project & Project Review process & docs
• CISO Guide translated into Spanish
• Dependancy Check 1.2.9 released
• Dependancy Track 1.0.0 released
• Vicnum Project updated
• OWASP SAMM Project Summit – Dublin March 2015
• AppSensor – CISO Briefing released
• ZAP 2.4.0 released
• ZAP w/Docker introduction released
• ASVS version XX released
• OWASP KALP Mobile Project initiated
• OWASP Seraphimdroid project, version 2 released

25. OWASP Finances – Overall Strong & Growing
See Annual Report for Details
Full Financial Transparency &
Reports found on the OWASP Wiki

26. Financial Snapshot
GROWTH 2013 - 2016
Conferences remain excellent channel
for Training & Community sharing
• 65% of Income & 50% of Expenses
Projects / Chapter Funding
represented ~$255K in 2015 with
potential growth to the $300-400K
range in 2016.
26

27. Project Funding & Chapter Funding
Where’s the Info?
• Need Project Funding?
• Need Chapter Funding?
• Got a Chapter Budget, need
reimbursement?
• Submit here
https://www.owasp.org/index.php
/Funding

28. OWASP Northern Virginia
@OWASPNoVA
OWASP DC
@OWASPDC
The Big Reveal – AppSec US in 2016
• OWASP AppSec EU 2016: Rome in June
• OWASP AppSec USA 2016:
Washington DC – September
– Hosted by No.Virginia & WashDC Chapters

29. Community Update
Noreen Whysel
Community Manager
September 24, 2015

30. Chapter Development
• 28 new chapters started in 2015
• 8 chapters restarted
• 26 chapters inactivated (some in process of restarting)
• 1 merged chapter (Kenya/Nairobi)
• 3 chapter splits (Spain, Argentina, Sweden)
• 53 new leaders added, including restarts
• 120+ cases & conversations with chapter leaders worldwide

31. Communications
• Community News Flash
• Social Media Announcements
• Mailing Lists
• SalesForce Messaging
• Personal Correspondence

32. Community News Flash
• First issue April 2015
• Sent to owasp-leaders and owasp-community lists
• Switched to Vertical Response in August 2015
• August 2015
– Sent to: 1,282
– Opens (257): 20.05%
– Clicks (52): 4.06%
– Bounces (13): 1.01%
– Unsubscribes (0): 0.00%
• September 2015
– Sent to: 1,269
– Opens (255): 20.09%
– Clicks (26): 2.05%
– Bounces (3): .24%
– Unsubscribes (1): 0.08%

33. Social Media
• Twitter (as of 8/31/2015)
– 4014 tweets
– 325 following
– 56,819 followers
• Facebook
– 9,062 Page Likes
– 8,839 Group Members
• LinkedIn
– 22,730 group members
– 12,800 followers
• Slack
– 399 members
– 76 channels
• Meetup
– 54 “OWASP” Meetup
Groups
– 13,328 Members
– 1,416 Expressed Interest
– 50 Cities
– 17 Countries

34. Chapter Leader Workshops
Room F, Pacific Concourse
• Thurs 10:30AM - People and Capital
• Thurs 11:30AM - I’m a Leader. Now What?
• Friday 10:30AM - What’s In Your Toolbox?
• Friday 11:30AM - OWASP Wiki Edit-a-thon
• Friday afternoon - Flex sessions, continue the conversation

35. Projects & Initiative Update
Claudia Aviles Casanovas
Project Coordinator
September 20, 2015

36. Project Task Force Recent Activity
Pending Graduation Review: (Submitted Last Week)
OWASP Security Shepherd
OWASP Seraphimdroid Project
OWASP Security Logging
New Incubator Projects Project Added:
• OWASP ZSC Tool Project
• OWASP Mth3I3m3nt Framework Project
Recent Project that Graduated to the next Level:
• Benchmark Tool Project
Review Results: Moved from Incubator Project To Lab Project
Projects Graduated from Incubator to Lab in June 2015
Category: Documentation
• OWASP Internet of Things To Ten Project
• OWASP Pro Active Controls
• OWASP Top 10 Privacy Risks_Project
• OWASP Reverse Engineering and Code_Modification Prevention
Project
Category: Code
• Mobile Application Security Project
• OWASP Security Python Project

37. Project Summit USA 2015
Projects Participating:
• OWASP Code Review Guide – Gary Robinson & Larry Coklin
• OWASP ASVS & OWASP Pro Active Controls – Jim Manico
• OWASP Python Security Project – Enrico Branca
• OWASP Security Shepherd – Mark Denihan
• OWASP Security Knowledge – Glenn Ten Cate
• OWASP PodCast – Mark Miller
• OWASP WAFEC (Starting up Activity)– Tony Turner
• OWASP O2 – Michael Hidalgo

38. Project Summit USA 2015
Project Name Project Leader Did the Project Summit
help your Project?
Did you Accomplish it? Deliverable
OWASP Security Shepherd Mark Denihan
Pol Mac Cana
Updated the GitHub Wiki pages to a
state where new users can easily add
Translation support to Shepherd
components, add new language
tranlations without difficulty and create
new Security Shepherd levels with the
new specifications made in V3. Also
created new Security Shepherd level
templates. Eliminated issues that were
blocking the progress of the Security
Shepherd Docker File.

39. These last two week’s OWASP Summer Code Sprint 2015 mentors and students have wrapped up
activities.
Originally Received 39 Proposals and were able to select 8 Students for the Summer Code Sprint
2015. The selections was difficult due to competitive proposals.
Results: All 8 Students passed the Final Evaluations.
Feedback & Experience:
• Amazing Performance!
• OWASP Seraphimdroid Project is now able to apply for a Project Review Graduation
due to the work done with the student.
• Project’s quality robustness increased like never over the past 2 months!
• Excellent work and worked beyond the original plan!
• Gained a contributor for the Hackademic Project.
• High level of dedication with excellent results
• Students were happy to work with such great mentors and excited about the projects.
Results Final Evaluations
Fabio Cerullo, Initiative Leader

40. Summer Code Sprint 2015 Participation
Fabio Cerullo, Initiative Leader
Project Name Mentors Students
OWASP OWTF Abraham Aranguren, Tao Sauvage,
Bharadwaj Machiraju
Arun Sori, Alexandra Sandulescu, Viyat
Bhlalodia
OWASP Seraphimdroid John Melton Kartik Kholic
OWASP APPSensor Nikola Milosevic Sumanth Damaria
OWASP Hackademic Spyros Gasteratos, Paul Chaignon Anirudh Anand, Minhaz AV, Tapasweni
Pathak

41. Project Updates
• OWASP Project Task Force
• Project Summit USA
• How to Start A New Project
• OWASP Project Dasboard
• OWASP 2014 Project Handbook
– Project Funding Request Form
– Project Spending Policy

42. Community Q&A
https://www.owasp.org
https//2015.appsecusa.org
Twitter: @owasp, @appsecusa
Open OWASP Board Meeting
Friday, Sep-25, 18:00 – 20:00 PDT
Room A - Pacific Level.

43. Learn, meet, share and ….
… have a great time!
https//2015.appsecusa.org
Twitter: @appsecusa