Thursday, March 31, 2016

OWASP Connector Newsletter - March 31, 2016


Communications

Virtual Training Platform Available

You ask and OWASP delivers!

We're excited to announce that The OWASP Foundation has added the GoToTraining platform to our arsenal of virtual tools. GoToTraining lets you take advantage of an interactive learning environment where you can post materials (pre course materials, videos, images, class resources), give tests, take polls, and execute small group activities. Classes can be limited in the number of attendees or host as many as 50 students.

We would like to begin to schedule training sessions for delivery as early as April. Do you have a 1 to 4 hour class you would like to present?

Popular Topics for OWASP Training are (in no particular order)

  • XSS
  • XSS Filter Evasion Cheat Sheet
  • XSS Prevention Cheat Sheet
  • ZAP
  • SQL Injection
  • SQL Injection Prevention Cheat Sheet
  • Testing for SQL Injection
  • CSRF (Cross-Site Request Forgery)
  • CSRF (Cross-Site Request Forgery) Prevention Cheat Sheet
  • and of course, The OWASP Top 10

For Q2, all trainings will be recorded and made available through the OWASP YouTube Channel and links to the recordings will be posted on the relevant pages on the wiki.

If you are a trainer in a non English speaking country and would like to host a training in another language, that would be fantastic!

Any interested trainers, please CONTACT US or reach out to Kate Hartmann directly.

As always, thank you for all you do!

Annual Report Call for Content

The OWASP Foundation is looking for exciting and illustrative success stories from YOU, the community for inclusion in our 2015 Annual Report. This yearss theme is simply: Growing, Learning, Sharing, Leading.

Tell us how you and your team worked to spread the OWASP mission in 2015. Here are some ideas but feel free to be creative!

  • How did your local/regional/global collaborate spread security awareness?
  • What types of educational outreach did you and/or your team accomplish?
  • How did you and/or your team leverage the OWASP platform to inspire non security professionals to turn their attention to application security?
  • Where did you leave a BIG OWASP footprint?
  • How did YOU benefit from the different facets of the OWASP platform?

Submit your content - articles, pictures, ideas by April 14, 2015. This is your opportunity to share with the world why you participate. We want everyone to contribute! Everyone's story is important to the Foundation. Become globally famous by submitting your picture and/or brief bio so we can be sure to give you credit for your contribution. Of course, you may also request to remain anonymous if you prefer.

Act Now to Qualify for an Honorary Membership in 2016

Purchase or renew your OWASP Individual Membership for a chance to win!

Anyone who purchases a new individual membership, renews their existing individual membership or submits & are approved for an Honorary* Membership between April 1, 2016 and June 20, 2016 will be entered into a raffle to win a prize! Join or Renew today!

The raffle will be held June 22, 2016. Winners will be notified and results posted the same day. Prizes include and will be raffled off in this order:

One (1) Amazon gift card (value $50/USD)
One (1) AppSecEU 2016 conference ticket (value 600€)
One (1) AppSecUSA 2016 conference ticket (value $995)

*Honorary Membership is now available year round ​starting ​April 1​, 2016!

To learn more about Honorary Membership and to see if you are eligible, please visit our Honorary Membership page here. Submissions will be reviewed and verified by OWASP.

OWASP in the NEWS!

How to Hack an App: 8 Best Practices for Pen Testing Mobile Apps - Tech Beacon 3/21/2016

OWASP Releases Software Assurance Maturity Model (SAMM) - PR Newswire 3/16/2016

Black Duck's Open Source 'Rookies of the Year' 2015 - ComputerWeekly 3/16/2016

mHealth App Security is a Myth, New Survey Finds - mHealth Intelligence 3/14/2016

Google offers app to help companies assess their vendors' security - Networks Asia 3/11/2016

OWASP Podcasts

OWASP Projects and activities are often the subject of webcasts and podcasts. Sit back and relax as you watch and listen to these recent episodes.

Active Deception as a Methodology for Cybersecurity w/ Lawrence Pingree from Gartner

DevOps, Security and Engineering at Slack with Slack's Senior Staff Security Engineers Leigh Honeywell And Ari Rubenstein

Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016

Guns, Germs and Steel at RSAC 2016 with John Willis

Equal Respect: Women in Technology with Chenxi Wang

projects

Google Summer of Code Needs Mentors

We are calling out for more mentors to get involved. We have 81 Proposals and need your participation.

Become a Mentor:

Do you want to become a mentor for a student?

Choose a participating OWASP project from the wiki page listed below preferably the one you are most familiar with. Link: https://www.owasp.org/index.php/GSOC2016_Ideas

Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation and get you started today.

Please let us know if you need help or supporting material.

Thank you in advance for your time and look forward to your participation.

Konstantinos Papapanagiotou
Initiative Leader

Fabio Cerullo
Initiative Leader

Claudia Aviles-Casanovas
Project Coordinator 
Phone:973-288-1697

OWASP Security Knowledge Framework is Black Duck's Rookie of the Year


We are thrilled, excited and really happy to announce that the OWASP Security Knowledge Framework has won the Rookie of the Year awards and honorable mention from Black Duck!

We want to thank everybody that helped us achieving this award especially the contributors and OWASP.

More information about the BlackDuck award can be found here: https://info.blackducksoftware.com/OpenSourceRookies2015.html.

This is a great milestone for OWASP and the SKF team!

Pycon

PYCON 2016 is coming to the Rose City in Portland, Oregon on May 28th - June 5th!
OWASP Developer Survey ranked PyCon #2

Opportunities to attend in behalf of OWASP

Sign-up Today!


PyCon 2016 has offered us the option to participate and contribute to their Open Spaces and Sprints.

Open Spaces
Open spaces are a way for people to come together to talk about topics, ideas, or whatever they like. They offer groups the ability to self-gather, self-define, and self-organize in a way that often doesn't happen anywhere else at PyCon. Any subject that two or more attendees would like to talk about is a candidate for an Open Space.

How Do I Participate In An Open Space?
It's pretty easy: Just show up :)


During PyCon, there will be Open Spaces boards somewhere near the registration desk. The boards acts as a time table for all the Open Spaces, so you know where and when to go for the Open Spaces you're interested in. If a topic is not listed yet, find an open time slot and add it! Open Spaces topic cards are included in the goodie bag you receive at registration.

What Open Spaces Are There?
There are Open Spaces on many subjects a bunch of PyCon attendees would like to discuss. Since the PyCon attendees are a diverse bunch, so are the Open Spaces. In past years, we've had a mani/pedi party, a feminist hacking space, an AcroYoga space, and a board games room. There's also plenty of the usual suspects of technical subjects, from computer security to your favorite Python project to professional occupations like DevOps.

Where And When Are The Open Spaces?
The Open Spaces are in a set of of dedicated rooms during all three of the conference days (Monday 5/30, Tuesday 5/31, Wednesday 6/1). The rooms may be needed for other events during portions of some days; please consult the Open Spaces boards for the final word on what's going on where.

How Do I Host An Open Space?
For PyCon 2016, we will be using the Open Space cards that were re-introduced a few years back. These are small postcard sized cards with a short explanation of what Open Spaces are. The back side of that card is for hosting Open Spaces. Just fill in the name and a short description of your Open Space, and then pin your card on the Open Space board in the room and time slot you want. It's also a great idea to add your Twitter handle to the card in case anyone interested in attending your Open Space has a question or would like to contact you about it. The cards will be made available in the goodie bag which you will receive at registration. Extra cards will be available at the Open Spaces boards. In order to promote your Open Space we encourage you to tweet about it and use the hashtag #PyConOpenSpaces to make sure people see your tweets.

Planned Open Spaces
If you have an idea for an Open Space, and a time when you want to meet, list it here on this page. It's also useful to add an approximate time slot if you have any preferences, so that attendees know where to look for your Open Space on the Open Spaces boards.

Development Sprints
Thursday, June 2nd 2016 - Sunday, June 5th 2016

Development sprints are a key part of PyCon, and a chance for the contributors to open-source projects to get together face-to-face for up to four days of intensive learning, development and camaraderie. Newbies sit with gurus, go out for lunch and dinner together, and have a great time while advancing their project.

What's New with the Sprints by Naomi Ceder
What are development sprints & why you should attend! by Kushal Das
What's so special about Sprints? by Naomi Ceder
What's A Sprint?

Come for PyCon, stay for the sprints!

PyCon Development Sprints are four days of intensive learning and development on an open source project of your choice, in a team environment. It's a time to come together with colleagues, old and new, to share what you've learned and apply it to an open source project.

In the crucible of a sprint room, teaming with both focus and humor, it's a time to test, fix bugs, add new features, and improve documentation. And it's a time to network, make friends, and build relationships that go beyond the conference.

PyCon provides the space and infrastructure (network, power, tables & chairs); you bring your skills, humanity, and brainpower (oh! and don't forget your computer).
Please sign up on the PyCon 2016 Sign Up Sheet. If you are interested in attending in behalf of OWASP.

XML External Entities Resources Cleanup

A great deal of work has gone into cleaning up and updating the OWASP Wiki XXE ( XML External Entities) resources. Here are the two main updated resources.

XXE Prevention Cheatsheet
https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Prevention_Cheat_Sheet

XXE Vulnerability page
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Thank you to Dave Wichers for leading the charge on XEE as well as John Passki and Xiaoran Wang for their work in this area.

Project Releases: Code Review Guide 2.0 Alpha and Dependency Check v.1.3.5

Code Review Guide 2.0 Alpha Released

The alpha release for the Code Review Guide 2.0 has been released. Please see the project page for more details. plus a shout out to the Long Island OWASP group for helping with a working session.
https://www.owasp.org/index.php/Code_review

OWASP Dependency Check v.1.3.5 Released

The OWASP dependency-check team is pleased to announce the release of version 1.3.5! Thanks to all those who have used the tool and provided feedback via the discussion group and issues in github. A special thanks goes out to those that have submitted pull requests! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).
https://www.owasp.org/index.php/OWASP_Dependency_Check

Conference

AppSecUSA2015_banner 2

Registration, Call for Papers and Call for Training is Open for
AppSecUSA 2016 Conference in Washington, D.C.

Submit your application today!

The Open Web Application Security Project’s 13th Annual AppSecUSA Conference will take place in Washington, D.C. fromOctober 11-14. There are four exciting ways to participate!
 
  • Register as an attendee and learn about the latest breakthroughs in application security
  • Speak about a cutting edge topic in the industry. Submit a speaking application today
  • Teach about a web application security topic that is important to you. Submit a teacher training application
  • Lightning Talk. Not ready to speak for a full hour but would like to share your knowledge? Apply to be a Lightning Talk speaker and give a brief 15 minute talk

See you in Washington, D.C.!


OWASP is a non-profit organization with the mission of making application security visible so individuals can make informed risk decisions.

AppSecEU University Challenge

The University Challenge is a competition among teams comprised of university students that will be held on June 28th and 29th 2016, during the training days of the conference. There is no admission fee for the University Challenge - participation in the conference is possible at the student rate if applicable. This years UC is a two stage challenge:

Day 1: Capture The Flag (CtF), solving hacking challenges.
Day 2: Offense/Defense (Blue/Red Team), defending your vulnerable web application whilst attacking the application of the other teams.

This year the OWASP University Challenge will be limited to 10 teams. Teams will consist of 4-8 students, with one team per university. All team openings are on a first come first serve basis. If multiple teams are received from the same university the second team will be put on a wait list.

Please register your time via this link (Google web form): http://goo.gl/forms/AN6uPS4vAG.

Global AppSec Events

AppSec Europe 2016, 30 June - 1 July, 2016, Rome, Italy. Call for Lightning Trainings closes April 30. Call for Activities closes April 30.

AppSec USA 2016, 11 October - 14 October 2016, Washington, DC

Local and Regional Events

Latam Tour 2016, April 7, 2016 - April 22, 2016, Latin America

AppSec ASIA 2016, May 19, 2016 - May 22, 2016, Wuhan, China

AppSec PH 2016, August 26, 2016 - August 28, 2016, Philippines

Project Summits

OWASP SAMM Summit 2016, April 20-21, 2016, New York, USA

Partner and Promotional Events

Blackhat Asia 2016: March 31 - April 1, 2016, Marina Bay Sands Singapore, OWASP members receive a $200/USD discount on Briefings with discount code: OWBR0316

Cyber Security Summit Atlanta, April 6, 2016, The Ritz-Carlton, Buckhead, Atlanta, GA. The first 50 OWASP members will receive 50% off the summit ticket price by using discount code OWASPEXEC

The Cyber Security Summit, April 6 - April 7, 2016, Prague, Czech Republic. A limited amount of 10 seats are available for OWASP members for only € 299. For further questions, please contact Ms. Tatiana Buranska tatiana.buranska@ebcg.com +421-2-32202282

Connected Security Expo, April 6 - April 8, 2016, Sands Expo Las Vegas, NV

QuBit Conference, April 12 - April 14, 2016, Grandior Hotel Prague. OWASP members can save 10% by using their OWASP email address and discount code: OWASP*2016

Cyber Security Summit Dallas, May 3, 2016, Omni Dallas Hotel Dallas, TX, USA

13th Annual CISO Europe Summit & Roundtable 2016, May 10 - May 13, 2016, Copenhagen Marriott, Denmark. OWASP members save 20% by registering with your OWASP email address and discount code: OWASP2016

ONE2ONE SUMMIT, May 23 - May 25, 2016, Hotel Monteleone, New Orleans, LA

Hack in the Box: May 26-27, 2016, Amsterdam, The Netherlands

SC Congress Toronto: June 1, 2016 - June 2, 2016, Metro Convention Center Toronto, CN. Register today for an exclusive OWASP Member discount of $125. Full Conference pass sells for $350 Use the discount code - OWASPMEM

Techno Security & Forensics Investigations Conference / Mobile Forensics World: June 5 - June 8, 2016, Myrtle Beach, SC, OWASP Members save 30% by using your @owasp email address and discount code: OWASP16

Cyber Security Summit DC/Metro, Virginia, June 30, 2016, The Ritz-Carlton, Tysons Corner

ICCS 2016: July 25 - July 28, 2016, Fordham University at Lincoln Center, New York, NY

Black Hat USA 2016: July 30 - August 4, 2016, Las Vegas, NV

DevCon5, August 1 - August 4, 2016, New York, NY

BSides Las Vegas: August 2 - August 3, 2016, Las Vegas, NV

ICCS 2016, August 13 - August 14, 2016, Rajasthan, India

Cyber Security Summit Chicago, August 25, 2016, Hyatt Regency Chicago

ONE2ONE SUMMIT: September 14 - September 16, 2016, Boca Beach Club, Boca Raton, FL

Cyber Security Summit New York, September 21, 2016, Grand Hyatt New York

(ISC)2 Security Congress EMEA 2016: October 18-19, 2016, Croke Park Stadium Dublin, Ireland

Cyber Security Summit Los Angeles, October 27, 2016, Fairmount Miramar Hotel

Ads are not endorsements and reflect the messages of the advertiser only.They represent co-marketing arrangements
with other organizations in support of the OWASP Community.   CLICK HERE for more information on advertising.
Qualys ICCS 2016, July 25-28, 2016, Fordham University, New York, NY, USA Black Hat Asia 2016, March 29-April 1, 2015, Marina Bay Sands, Singapore


chapters

New Chapters

Chapter Restarts

  • India (regional coordinators): Milan Singh Thakur (milan@owasp.org) and Nitin Pandey (nitin.pandey@owasp.org) join as leaders, replacing Dhruv Soi and Nitin Saxena who have served in that role for many years. Thanks!

Transitions


New Student Chapter


Academic Supporters


Learn more about our Student Chapters and Academic Supporter programs.

Notable Chapter Activity


OWASP Day 2016 in Tokyo


OWASP Nigeria hosts its first meeting in Lagos.


OWASP Kerala holds a series of meetings at four universities.

Share Your Stories!

We at the OWASP Global Foundation are looking forward to hearing about more such events in future. Share your chapter's successes! Submit your stories to support@owasp.org

OWASP Membership is a great way to contribute to our local chapters and projects. A portion of your membership can be allocated to the chapter and/or project of your choice. Please show your support for OWASP Projects and Chapters by becoming an Individual or Corporate member today!

Membership

Membership Drive

As part of our overall 2016 Membership recruitment and appreciation program, we will be introducing a new incentive on April 1, 2016. Stay tuned!

Renewed Corporate Members (Premier Level)

  • Qualys

Renewed Corporate Members (Contributor Level)

  • Denim Group
  • Intelligent Environment
  • Symantec
  • Twitter
Become a Corporate Supporter. Find out how by visiting our Corporate Supporters information page.
Upcoming Partnership & Co-Marketing Events:

See https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference

Social Media

OWASP Social Media Site

Friday, March 11, 2016

March 2016 Community News Flash

March 2016 Community News Flash
In this Issue:
  • MENTORS WANTED: Google Summer of Code 2016!
  • PROJECTS: SAMM Summit in NYC, Plus More Project News and Releases
  • CHAPTERS: New Chapters, Leader Transitions, Latest Chapter Activity
  • EVENTS: AppSec Europe and Other Upcoming Local and Regional Events
  • RESOURCES: List of Resources in this Issue

MENTORS WANTED: Google Summer of Code 2016!

OWASP has been selected as a Mentor Organization for
Google Summer of Code 2016!

We need your help in a making this program a success and the more mentors the more slots for OWASP!

Students will start applying for projects on March 14th but a lot of them are already exploring ideas on our corresponding wiki page: https://www.owasp.org/index.php/GSOC2016_Ideas

How you can get involved:
If you are a project leader and would like for your project to participate add your idea on our GSOC 2016 Idea wiki page ASAP!


Become a Mentor:
Do you want to become a mentor for a student?


Choose a participating OWASP project from the wiki page listed below preferably the one you are most familiar with.

Link: https://www.owasp.org/index.php/GSOC2016_Ideas


Touch base with the project leader and ask one of the org admins (Claudia, Kostas or Fabio) to send you an invitation and get you started today.

Help OWASP Invite Students:
Are you somehow affiliated with a university? Get in touch with students, inform them about the program and how they can participate with OWASP. Please direct students to the wiki page for details: https://www.owasp.org/index.php/GSoC


Please let us know if you need help or supporting material.

Thank you in advance for your time and look forward to your participation.

Konstantinos Papapanagiotou
Initiative Leader


Fabio Cerullo
Initiative Leader


Claudia Aviles-Casanovas
Project Coordinator
Phone:973-288-1697


PROJECTS: SAMM Summit in NYC, Plus More Project News and Releases
SAMM Summit in NYC, April 20-21

We are excited to announce our second SAMM Summit on April 20-21 in New York!

The SAMM Summit is not a regular conference with speaking slots, but a summit "in OWASP Style (!)". We will work together in a 2-day sprint on SAMMv2.

If you are interested to contribute, you are most welcome!
  1. Either you bring in your knowledge of SAMM or other secure development methodology experience.
  2. Or as OWASP Project leader/contributor you research how we can better integrate SAMM with your project (and the other way around).
This is an excellent opportunity to influence the direction of SAMM and exchange experiences with your peers!

Testimonial from 2015:


"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company

In the next weeks/months before the Summit we will create the SAMMv2 Product Backlog as basis towards the on-site Summit 2-day sprint (keep an eye on our mailing list - https://lists.owasp.org/mailman/listinfo/samm).

For more information - check out the cool venue in SoHo! - and registration (free), goto: https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016
Looking forward to see you in the Big Apple!

Kind regards,
SebaSAMM project

PS - feel free to forward this to people you think should participate! Or bring them in contact with me.


PPS - we are looking for sponsors for the Summit and SAMMv2 - feel free to contact Seba at seba@owasp.org for details.

Code Review Guide 2.0 Alpha Released

The alpha release for the Code Review Guide 2.0 has been released. Please see the project page for more details. plus a shout out to the Long Island OWASP group for helping with a working session.

https://www.owasp.org/index.php/Code_review

Mobile Top Ten 2016 Released

The OWASP Mobile Top Ten 2016 has now been released for review and commentary. We are asking OWASP members to briefly look at the list and fill out a quick survey to give feedback on what should change. Check out the release candidate here -- https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10. Fill out the anonymous survey here -- https://goo.gl/1evB4e%7Cthis. After ~30 days, we will review the survey responses, update the list, and release it along with the final content for each item.

Follow OWASP Mobile Top Ten on Twitter at https://twitter.com/MobileTop10.

OWASP Dependency Check v.1.3.5 Released

The OWASP dependency-check team is pleased to announce the release of version 1.3.5! Thanks to all those who have used the tool and provided feedback via the discussion group and issues in github. A special thanks goes out to those that have submitted pull requests! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).

OWASP 24/7 PodCasts

We now have 75 podcasts for your listening pleasure. Check these out!

DevOps, Security and Engineering at Slack with Slack's Senior Staff Security Engineers Leigh Honeywell And Ari Rubenstein

Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016

Guns, Germs and Steel at RSAC 2016 with John Willis

Equal Respect: Women in Technology with Chenxi Wang

Created by Mark Miller, OWASP 24/7 Podcasts offer a great forum for getting an update on projects. Listen to interviews with project leaders at https://soundcloud.com/owasp-podcast.

CHAPTERS: New Chapters, Leader Transitions, Meeting Ideas for 2016

Notable Chapter Activity


On the heels of the recent Bsides event in Lagos, Nigeria, our OWASP Nigeria chapter held its first local chapter meeting in Lagos on February 13. The team posted some pictures on the OWASP Lagos Facebook page: on.fb.me/1TsBofq


OWASP Nigeria plans to hold another event in Lagos this April with a goal toward inviting more external speakers, growing participation via social media and finding additional ways to contribute to application security awareness outside Nigeria. Keep an eye on this chapter!

OWASP Kerala has been conducting regular awareness talks for students and public. Enjoy some pictures from the past 4 events we organized in the past month at:
  • Institution of Engineers, Kerala State Centre
  • Trivandrum Tamil Sangham
  • Sarabhai Institute of Science and Technology
  • TKM College of Engineering

The audience varied from students ( in the engineering Colleges ) to senior and retired engineers ( at Institution of Engineers ) to general public ( at Trivandrum Tamil Sangham ). We are happy to see that people are receptive to security awareness and there's great response from their side and repeated requests.

New Chapters

Restarted Chapters
Leader Transitions
There are many leader openings for chapters that have gone inactive, particularly in the Middle East and Africa. Go to the Volunteer page for a listing of open chapter leader positions: http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing

New Academic Supporters
New Student Chapters
Learn more about our Student Chapters and Academic Supporter programs.

Restarting an Inactive Chapter

If you are interested in starting or helping to restart a chapter that has gone inactive, please review the listings at the Volunteer Opportunities page of the wiki. If you are a current chapter leader and are having difficulty finding space, volunteers or funding to host a meeting, let me know. I can direct you to resources and funding to help you.

Also keep in mind you can view your Chapter's budget and available funds at the Donation Scoreboard:
https://docs.google.com/spreadsheets/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html

EVENTS: Upcoming AppSec Events

Registration for the European OWASP Conference 2016 NOW OPEN!

Be ready to register for this not to be missed event on security!

27 June - 1 July 2016


Registration for the European OWASP conference in Roma is now open.

Visit and Register on the OWASP AppSecEU conference site: http://2016.appsec.eu.
Remember that if you are interested in hosting an activity at OWASP AppSec-Eu 2016 in Rome, now's your time to submit your idea.

The OWASP AppSec Europe is interested in considering a variety of potential activities during and around the conference.

Host an activity, tech-and no-tech / social activities are welcome!
Here are some ideas: Capture the flag, Lockpick village, Bug Bounty event, or something else…

Submission Process
Submit your activity below. The conference team will review submissions on a rolling basis. Activities do not have to be free to be considered, however, the total cost and value of the activity will be a part of the review process.

The call for activities is open until April the 30th!

Link to submission form:
https://docs.google.com/a/owasp.org/forms/d/17S2hR_O9PVjzNyUm8goF-LhZJ9tTXmk4DUcome29RUg/viewform

Keep up to date on the latest news on the next OWASP AppSecEU. Visit the conference site: http://2016.appsec.eu/

The Open Web Application Security Project is an open-source project for application security. It boasts a strong global community with more than 45,000 participants, more than 55 corporate members and 20 academic supporters through 249 active local chapters in 6 continents and 97 countries.

More than 800 people are expected at the event, with 3 days of training followed by the 2-day conference.

More details on program and speakers will be sent in a forthcoming communication.

Global AppSec Events
Regional and Local Events
Project Summits
Partner and Promotional Events
Watch the AppSec Conference page for updated event listings. Be sure to enter your upcoming event into the OWASP Conference Management System so we can promote it and provide assistance.

RESOURCES

Project Inventory:
https://www.owasp.org/index.php/OWASP_Project_Inventory


Google Summer of Code 2016 Ideas:
https://www.owasp.org/index.php/GSOC2016_Ideas


Chapter Leader Handbook:
https://www.owasp.org/index.php/Chapter_Leader_Handbook


Funding Resources:
https://www.owasp.org/index.php/Funding


Donation Scoreboard - Current Chapter and Project Funding Allocations:
https://docs.google.com/spreadsheets/u/2/d/11acTOmtmBGq6-5CIGsjlEByU8POSGqda0r23VNnhEGQ/pub?hl=en_US&hl=en_US&output=html


OWASP Conference Management System:
https://www.owasp.org/index.php/Owasp_Conference_Management_System


CONTACT ME

Feel free to contact me at any time if you have a question or suggestion. To create a trackable case, please use the contact us form at http://www.tfaforms.com/308703.

Noreen Whysel
Community Manager
OWASP Foundation


Community Manager Open Hours on Slack:
Join the #AsktheCM channel Tuesdays from 10am-Noon EDT.
https://owasp.slack.com/messages/askthecm/