Stream

 
OWASP Community,

In late 2015, the OWASP Board approved an initiative to assess and update our Wiki and internal infrastructure. The following RFP request includes the feedback & requirements received from various community leaders in order to capture various viewpoints from our diverse community.

If you know of a consultant, service provider or expert who would like to respond to this RFP, please forward it to their attention.

Details about the RFP objectives and requirements are available in the attached document. The document is also available here: https://drive.google.com/file/d/0BxI4iTO_QojvY0ItSk56aWY3WXM/view?usp=sharing and on the wiki here: https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus#Active_Initiatives

Submission Information

RFP open: February 3, 2016
RFP close: February 29, 2016

Please email proposals to owasp.foundation@owasp.org

Sincerely,
The OWASP Foundation
 
Today, we are pleased to announce another great milestone in the ongoing development of what we believe to be the best Load Balancer and ADC in the marketplace: we have achieved ISO 9001 certification. ISO 9001 is the world's most widely recognized standard for Quality Management Systems (QMS), and this achievement, which covers everything from the design and development of KEMP products and services to production, technical support and customer service, reinforces the company's commitment to delivering the highest levels of quality, customer experience and a truly world-class service.
http://kempte.ch/1nIATCr
 
I've put out a call for translators of the OWASP Application Security Verification Standard 3.0! If you can assist in translating the standard into your language, that would be great, particularly if English is not commonly spoken in your country.

You can get the original here, and log issues:
https://github.com/OWASP/ASVS

I've committed v3.0.1 into GitHub and uploaded it to Crowdin:
https://crowdin.com/project/owasp-asvs/

You don't HAVE to use Crowdin, but it would be nice to indicate to other native speakers of your language that you are willing to work together.

This is a 70 page document, and in all honesty, will take a dedicated person a week or more to translate, so please please please work together rather than apart. You have full access to the original document and the original images, so you have everything I have.

In the next month or so, I want to close out all the issues logged in GitHub, so I will give active translators a heads up of any changes to the master document, so again, a good reason to use Crowdin so I know who you are.

If there are any incomprehensible English idioms or phrases in there, please don't hesitate to ask for clarification, because if it's hard to translate, it's almost certainly wrong in English as well.
Reply from Brad Chesney:
Did you just volunteer to translate it into Australian?
 
Thursday I spoke at the Columbus OWASP meeting on the topic "Analyzing (Java) Source Code for Cryptographic Weaknesses". Yesterday I just loaded the slide deck to the OWASP Education / Free Training link at https://www.owasp.org/index.php/Education/Free_Training
The ODP format includes detailed speaker's notes. Feedback appreciated. Enjoy.
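As an added example of the kind of check the talk title describes (this is not code from the slide deck or from the speaker): a small Python scanner that flags common cryptographic weaknesses in Java source. The rule set is an assumed, deliberately small subset of what a real review covers (weak digests and MACs, legacy ciphers, ECB or provider-default mode, literal keys and IVs, java.util.Random, and RSA/DSA/DH generators initialised below 2048 bits). Comments are stripped before matching so that commented-out code does not trigger rules, while string literals are kept because the algorithm names live inside them. The Java snippet it runs over is constructed for the example.

```python
"""Grep-plus scanner for common cryptographic weaknesses in Java source.

Added example with an assumed, small rule set; a prompt for review, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number in the scanned source
    rule: str      # short rule identifier
    detail: str    # human-readable explanation


# String literals are matched first so a "//" inside a string survives;
# comments are replaced by newlines so line numbers stay correct.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)


def _strip_comments(src: str) -> str:
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else "\n" * tok.count("\n")
    return _TOKEN.sub(repl, src)


# (rule id, regex, message). Assumed subset of what a real review would cover.
_RULES = [
    ("WEAK_HASH",
     re.compile(r'(?:MessageDigest|Mac)\.getInstance\(\s*"(?P<alg>MD2|MD4|MD5|SHA-?1|HmacMD5|HmacSHA1)"', re.I),
     "broken or weak digest/MAC algorithm"),
    ("WEAK_CIPHER",
     re.compile(r'Cipher\.getInstance\(\s*"(?P<alg>DES|DESede|TripleDES|RC2|RC4|ARCFOUR|Blowfish)(?:/[^"]*)?"', re.I),
     "weak or legacy cipher"),
    ("ECB_MODE",
     re.compile(r'Cipher\.getInstance\(\s*"(?P<alg>[A-Za-z0-9]+/ECB(?:/[^"]*)?)"', re.I),
     "ECB mode leaks plaintext structure"),
    ("DEFAULT_MODE",
     re.compile(r'Cipher\.getInstance\(\s*"(?P<alg>AES|DES|DESede|Blowfish)"\s*\)', re.I),
     "no mode/padding given; SunJCE then defaults to ECB/PKCS5Padding"),
    ("STATIC_IV",
     re.compile(r'new\s+IvParameterSpec\(\s*(?:new\s+byte\s*\[\]\s*\{|"[^"]*"\s*\.getBytes)'),
     "IV built from a literal; IVs must be unpredictable per message"),
    ("HARDCODED_KEY",
     re.compile(r'new\s+SecretKeySpec\(\s*(?:new\s+byte\s*\[\]\s*\{|"[^"]*"\s*\.getBytes)'),
     "key material embedded in source"),
    ("WEAK_PRNG",
     re.compile(r'new\s+(?:java\.util\.)?Random\s*\('),
     "java.util.Random is predictable; use SecureRandom for secrets"),
]

# Two-line pattern: remember which variables hold an RSA/DSA/DH generator,
# then flag initialize(bits) on those variables when bits < 2048.
_KPG_DECL = re.compile(r'(?P<var>\w+)\s*=\s*KeyPairGenerator\.getInstance\(\s*"(?P<alg>RSA|DSA|DH)"')
_KPG_INIT = re.compile(r'(?P<var>\w+)\.initialize\(\s*(?P<bits>\d+)\s*\)')
_MIN_BITS = 2048


def scan_java(source: str) -> List[Finding]:
    """Return findings in line order for one Java compilation unit."""
    code = _strip_comments(source)
    generators = {m.group("var"): m.group("alg") for m in _KPG_DECL.finditer(code)}
    findings: List[Finding] = []
    for lineno, line in enumerate(code.split("\n"), start=1):
        for rule, rx, msg in _RULES:
            for m in rx.finditer(line):
                alg = m.groupdict().get("alg")
                findings.append(Finding(lineno, rule, f"{msg} ({alg})" if alg else msg))
        for m in _KPG_INIT.finditer(line):
            var, bits = m.group("var"), int(m.group("bits"))
            if var in generators and bits < _MIN_BITS:
                findings.append(Finding(lineno, "SHORT_KEY",
                                        f"{generators[var]} key of {bits} bits (< {_MIN_BITS})"))
    return findings


# Constructed Java sample for the example, not real application code.
SAMPLE = """\
import javax.crypto.Cipher;
// line comment: Cipher.getInstance("DES") here must be ignored
public class LegacyCrypto {
    static final String URL = "http://example.invalid/"; // "//" inside the string must survive
    byte[] encrypt(byte[] data) throws Exception {
        SecretKeySpec key = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, iv);
        return c.doFinal(data);
    }
    String hash(String pw) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return new String(md.digest(pw.getBytes()));
    }
    long token() {
        return new Random().nextLong();
    }
    KeyPair keys() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        return kpg.generateKeyPair();
    }
    /* block comment: MessageDigest.getInstance("SHA-1") here must be ignored */
}
"""

if __name__ == "__main__":
    for f in scan_java(SAMPLE):
        print(f"line {f.line:>3}  {f.rule:<14} {f.detail}")
```

Run on the sample it reports six findings (hardcoded key, static IV, ECB mode, MD5, java.util.Random, and a 1024-bit RSA key), and nothing for the two commented-out calls. Because string literals are kept, an algorithm name inside a log message can still match; treat hits as places to read, not as conclusions, and extend the rule table for the providers and frameworks your codebase actually uses.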
 
OWASP Top Ten Series: Sensitive Data Exposure

What is Sensitive Data? There is an argument to be made for saying that all data is sensitive. Certainly some data which might be sensitive for one person, another person might not worry about posting on a blog or social media. In the context of data security however, sensitive data is usually classed as information relating to healthcare records, financial information (credit card details, banking details), personal information (address, date of birth, national insurance number, social security number), and user account information for IT systems.

http://kempte.ch/1RoYzUR
 
Check out updates from us in AppSec 2015 USA San Francisco
 
Hello, is the #DevGuide project still alive? When will the new version be released?

Gaurav Pawaskar (Discussion)

Some thoughts about input type password

Paweł Płocki (Cloud Security)

Man-in-the-Cloud (MITC) Attacks Developed to Hack Cloud Accounts http://www.hackinsight.org/news,422.html
Popular cloud storage services such as Google Drive and Dropbox can be abused by hackers running Man-in-the-Cloud (MITC) attacks.

Ole Aass (Discussion)

Created a scoreboards page which shows stats for CTFs, wargames, boot2roots, etc. that I am currently playing or have played.
Reply from yuri niddiot:
I would like to know if you have a homepage. I tried leak.db but I am missing a dependency or something; I need more info.

About this community

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Website: www.owasp.org
 
So very pretty. We had a light schmear of cloud which prevented good eyeball observations here.
 
"Geminids of the South" is NASA's Astronomy Picture of the Day http://antwrp.gsfc.nasa.gov/apod/ap151217.html
A different astronomy and space science related image is featured each day, along with a brief explanation.

Brett Young (Discussion)

OWASPers, I've started a community for discussions about using open-sourced solutions for process control networks and their supporting infrastructure. Join!
Open ICS Project
Open Source for Industrial Control Environments
 
Hi everyone. I'm looking for a draft of a pentesting report and a web pentesting report. I searched on the web but I didn't find any good ones. If it's in English, no problem for me! Thanks for all your answers. Bye
Reply:
You could also use the "Penetration Testing Guidance" document from PCI as a reference for what your report should contain.

Sem Sinatra (Discussion)

What is the best paid-for vulnerability testing software? Is it Nessus?
Reply from Sem Sinatra:
Thanks, but I'm not looking for anything mobile app testing related.
 
Busy month at OWASP - don't forget to vote in this year's election: 9 candidates, 4 slots.

http://lists.owasp.org/pipermail/owasp-leaders/2015-October/015320.html

Mike Gifford (Discussion)

This is a general guide for Drupal that we've put together. We're looking for input, though, to make it better. If you've got suggestions for things we can improve, the document is also on GitHub.
The need for government security has never been higher, but unfortunately decades of bad assumptions have led to many government websites being very vulnerable to attack.
Reply from Hans Wolters:
To be more precise, -L lists the chains; I'm not sure, but I assume a space will list them all. The manpage is not clear about this. It might also see that the next argument is listed as a parameter for iptables and therefore decide to list all of them.

Ole Aass (Discussion)

Migrating my blog brings back some fun memories. 
While searching around the web for new nifty tricks I stumbled across this post about how to get remote code execution exploiting PHP's mail() function. Update: After some further thinking and looking into this even more, I've found that my statement about this only being possible in really rare cases
 
New vlog series on how to do secure code reviews, first two episodes up:

https://www.youtube.com/playlist?list=PLMsh46O_B5Q9pPXPbxpTwr49VWLpPaixJ

In these two episodes, I discuss what the Application Security Verification Standard 3.0 is, and how to set up a virtual secure code review environment. Future episodes will go into engagement management, client communications, and then a deep dive into each ASVS requirement from a code review point of view.

Ole Aass (Projects)

This is a small script I made after I started with ROP. I found that I was constantly searching Google for information about instruction sets. After I found this website ( http://x86.renejeschke.de/ ) I decided to make a small script to look...