Check out the OWASP Podcast with me talking about the OWASP ASVS 3.0.1 release I did at AppSec EU, and another podcast from the team behind the excellent University Challenge! If you are in a university, you should definitely try to participate in the University challenges!

http://www.sonatype.org/nexus/2016/07/01/interviews-and-insights-from-appseceu-2016/
At AppSecEU 2016 in Rome, Italy, I sat down with project leads and session leaders to hear what they were working on and what they would like the community to know about their projects and plans. I…
Amazing trailblazer
 
Today, our Dawn spacecraft completes its primary mission. The mission exceeded all expectations originally set for its exploration of protoplanet Vesta and dwarf planet Ceres. Details: http://go.nasa.gov/295N2tH
Things the Board are working on part 1605.

We are busy working through hiring new staff, including succession planning, progressing new hires for our Community Manager and a new Senior Technical Coordinator, starting the process of an executive search to replace our late and great Executive Director, and working on new supporter logos, which have just been released.

This next month, we are gearing up for our first face to face meeting in 2016 at AppSec EU being held in Rome, Italy.

We are considering the issues to be raised, but I will be raising diversity and inclusion targets for all OWASP regional and global events, and introducing new forms of fund raising, so we can move towards an OWASP Fellowship program, where projects can pitch for funding to gather together before (or after) a major global or regional OWASP event, and work on their projects for a stipend.

If you have ideas that you'd like OWASP to look at, please raise them with us. We are completely open and transparent (or try to be), so please participate! 
Simon Bennetts: Good to hear what's going on - more updates like this please :)
Did you get your ticket yet for AppSec EU 2016?

Want to tack on a training session to make your AppSec EU experience even better?

As a special offer to the community we would like to offer 100 euro off when you purchase a conference ticket and training course together. You can avail of this offer by using the following code: PROMO-REU2016 (valid until May 27th)

We have a whopping 14 training courses to pick from. Here are this year's 3-day, 2-day and 1-day training topics:
* Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil
* OWASP Top 10: Exploitation and Effective Safeguards
* Secure .NET Coding
* Droid-Sec Exploitation
* CISO training: Managing Web & Application Security - OWASP for senior managers
* Bootstrap and improve your SDLC with OpenSAMM
* Hands on Web App Testing with Python
* How to FIDO-enable your web-application for Strong-Authentication
* OWASP Application Security Verification Standard 3.0 Developer and QA 2 day training
* Hacking and Securing iOS Applications
* Web Service and Single Sign-On Security
* Hands-on Threat Modeling
* Assessing and Securing MEAN (MongoDB, Express.js, Angular.js, and Node.js)
* Defensive Programming for JavaScript & HTML5

Take a look at the AppSec EU website to learn more: https://2016.appsec.eu/?page_id=43

And buy your ticket HERE!

See you in Rome!

The AppSec EU 2016 Team
Visual Studio Code, a cross platform editor for modern application development, has been released as 1.0

http://code.visualstudio.com/
2M installs. This free and open-source text editor runs on any platform and is optimized for building and debugging modern web and cloud applications.
Brad Chesney: I am afraid I will never feel comfortable supporting anything from a company that legitimately held an "embrace, extend, & extinguish" policy while creating something so wholly half assed and doing everything it could to make sure that crummy product would prevail.
I will sit and wonder how many clock cycles have gone to waste due to applications on Windows servers.
Hi everyone. I wish to give thanks to +Noreen Whysel our community manager at OWASP for all her hard work. She is moving on to bigger and brighter things.

I wish to shout out my appreciation to all her amazing efforts here and all our other social communities. She will be missed for sure. 
Zariga Tongy:
How to execute a command while downloading
Command Injection Tutorial
#XSS #CommandInjection #Pentesting #hacking #WebSecurity #owasp #java
https://goo.gl/JTZJdS
Chapter Funding for 2016

$33,000 distributed to chapters in January!

Join us TODAY at Noon ET for a discussion of Chapter Funding for 2016.

https://docs.google.com/document/d/1mLqBQcQvxYeaefQpGfsyoK4CxMoqScEJEx90c9qsnbA/edit?usp=sharing
Owasp Foundation: A series of calls for 2016 Project Funding Ideas is being planned. Stay tuned!
About this community

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Website: www.owasp.org
 
OWASP Consumer Web Practices. As security professionals, we don't often get hacked by our often very risky surfing habits, but our families sure do. What do we do that we get right, and what would you recommend a consumer do?

Comment, suggest, edit:

https://docs.google.com/document/d/1QerrLUYDaKElt29AsiUvE6V9C7mQFNV3zGae77180R4/edit?usp=sharing
Top Ten Safe Consumer Web Habits: OWASP Consumer Top Ten Safe Web Habits. Safe practices for consumers on the web. @Jim - have a look at the ASD Top 35. Consumers should do the Top 4 and these should be our top 4, too, as they are based around evidence and efficacy. The Top 11 items are well within the grasp of this list. “At le...
At Andreas Falk's talk on Spring Boot / Spring Security at AppSec EU
Andrew van der Stock: Sorry Brad, I did not see this until today! :-/ Maybe at AppSec DC?
In our face to face Board meeting we will be discussing potentially creating new membership classes, including a gamified "pay anything model" to help convert supporters into paid members.

We are looking at creating a "developing economies" package to enable those in countries where even $20 USD is too much. We want to know if you live in these sorts of countries what is a reasonable price for this package.

We are looking at our first price rise since 2009, and some other measures. As this is your organization, and we are focused on increasing members, please take the time to complete this very short six question survey.

https://www.surveymonkey.com/r/VNPMKYR

Your answers will inform the Board as to the best path to:
* Converting supporters into paid members by setting the right price and benefits
* Making it worthwhile to renew
* Improving OWASP membership experience

Having the funds we need to conduct our mission is critical, but only if members continue to support OWASP. Have your say by July 1, 2016!

The good news is that if you take the survey, you get to see the answers too. It's entirely anonymous, so please send the survey to members and to as many folks as possible who are interested in OWASP but are supporters and not yet members, and if you're a chapter leader, please ask your chapters to respond as well.
Any OWASP members in Osaka? I'm looking for some meetups etc ...
Sem Sinatra: The mailing list also seems very sleepy ...
The Call for Nominations for this year's election for the OWASP Board of Directors is now up.

I encourage ALL +Owasp Foundation members to consider standing. Successful candidates must be passionate about application security, whether chapters, outreach, projects, or best of all working with developers to improve application security.

http://owasp.blogspot.com.au/2016/05/2016-global-bod-election-call-for.html
GOOGLE SUMMER OF CODE 2016

Join us on making the GSOC 2016 a success!

We have 81 proposals waiting for your help and participation. More Mentors Needed!

Become a Mentor:

Choose a participating OWASP project from the wiki page listed below:

Link: https://www.owasp.org/index.php/GSOC2016_Ideas
Please contact org admins below to send you an invitation and get you started today.

Thank you in advance for your time, and we look forward to your participation.

Konstantinos Papapanagiotou
Konstantinos@owasp.org
Initiative Leader

Fabio Cerullo
fcerullo@owasp.org
Initiative Leader

Claudia Aviles-Casanovas
claudia.aviles-casanovas@owasp.org
Project Coordinator
Phone: 973-288-1697
Source Code Analysis of Web Framework from OWASP Gothenburg chapter meetup!
Zariga Tongy: +Hans Wolters Command Execution is the technique which occurs due to poor validation of the input. This is just a demonstration:
it will display the listing of the current directory. The example used just displays the ping statistics; due to poor validation, command injection happens.
curl 'http://zariga.com/CommandServlet' --data 'text=ls'
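The curl line above exercises a servlet that splices its "text" parameter into an OS command. The following is an added illustration, not code from the tutorial or from zariga.com: the shape of that flaw in a Java servlet beside a hardened version. The class names, the use of ping, and the hostname pattern are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// VULNERABLE (shown for contrast only): the "text" parameter is concatenated into a
// command string handed to /bin/sh, so shell metacharacters in the parameter are
// interpreted by the shell and run as further commands rather than reaching ping.
class VulnerablePingServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String host = req.getParameter("text");
        Process p = Runtime.getRuntime().exec(
                new String[] {"/bin/sh", "-c", "ping -c 1 " + host});
        try (InputStream out = p.getInputStream()) {
            out.transferTo(resp.getOutputStream()); // Java 9+
        }
    }
}

// HARDENED: (1) allow-list the parameter against a strict hostname pattern, (2) never
// go through a shell, (3) pass the host as its own argv element so it can only ever be
// one argument. The pattern also rejects a leading '-', so ping cannot read it as an option.
public class HardenedPingServlet extends HttpServlet {
    private static final int MAX_HOSTNAME_LEN = 253; // RFC 1035 overall name limit
    private static final Pattern HOSTNAME = Pattern.compile(
            "^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
            + "(?:\\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$");
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String host = req.getParameter("text");
        if (host == null || host.length() > MAX_HOSTNAME_LEN
                || !HOSTNAME.matcher(host).matches()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid hostname");
            return;
        }
        Process p = new ProcessBuilder(List.of("ping", "-c", "1", host))
                .redirectErrorStream(true).start();
        try (InputStream out = p.getInputStream()) {
            out.transferTo(resp.getOutputStream());
        }
    }
}
```

The hardened servlet rejects invalid input outright rather than stripping characters, since blacklist-style sanitising of shell metacharacters is easy to get wrong.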
Deadline is Approaching February 19th

Hello Project Leaders:

Google is now accepting applications for mentoring organizations for GSoC 2016! We are looking for your project ideas and making the initiative a success!

For those of you that have participated in the program, this is the time of the year to start outlining your ideas for projects here:

https://www.owasp.org/index.php/GSOC2016_Ideas

For the rest of you the Google Summer of Code (https://summerofcode.withgoogle.com/) is an amazing opportunity to get some work done on your project.
Brad Chesney: +Noreen Whysel, thank you for posting. Application completed. At worst I will assume full responsibility as the other members have not been involved in electing to participate. I am a little excited to see the applications that may come in.
How @netflix tracks #CredentialDumps with #Scumblr (#Rails), #Sketchy (#Python) and #Workflowable (#Ruby) - [#Vimeo] http://kiq.li/1G43