Monday, July 17, 2017

July 2017 Corporate Members

July 2017 Corporate Member

We would like to thank Peach for supporting the OWASP Foundation.  
Peach has contributed this month by joining OWASP as a new Corporate Member.  

Details about Corporate Membership can be found here.

Contributor Corporate Member

Peach Tech provides advanced security testing solutions and leading-edge products, such as the innovative + automated Peach APISecurity: Peach API Security intelligently executes a series of fuzz tests and passive security tests on your web APIs. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Peach APISecurity supports many CI systems and test suites, and transforms unit tests into security tests. We also developed the robust fuzzing platform Peach Fuzzer. We customize testing strategies for security-minded clients engaged in all stages of development. Leverage the power of Peach Tech to secure your world.

For more information, please visit:

Want your company name here? 
Find out how by visiting our Corporate Member information page, or contact Kelly Santalucia, our Membership & Business Liaison today!  

Thank you to all of our Premier and Contributor Corporate Members for your support!

Wednesday, July 5, 2017

2017 WASPY Nominees Have Been Announced!

We are excited to announce the 2017 WASPY Award nominees have been announced!

We had a tremendous amount of nominations this year. Thank you for nominating your favorite WASPY!

Best Community Supporter Category Nominees Are...
Aatral Arasu
Sean Auriti
Nicole Becher
Ken Belva
Tony Clarke
Dinis Cruz
Christian Folini
Joaquin Fuentes
Brendan Gormley
Tanya Janca
Jeremy Long
Akash Mahajan
Dhiraj Mishra
Denise Murtagh-Dunne
Owen Pendlebury
Mick Ryan
Sriram Shyam 
Michelle Simpson
Steve Springett
John Vargas
Tara Williams

Best Mission Outreach Category Nominees Are...
Aatral Arasu
Sean Auriti
Tony Clarke
Christopher Frenz
Joaquin Fuentes
Tanya Janca
Kitisak Jirawannakool
James Manico
Mateo Martinez
Mark Miller
Dhiraj Mishra
Owen Pendlebury
Sriram Shyam
Noreen Whysel

Best Innovator Category Nominees Are...
Aatral Arasu
Sean Auriti
Glenn & Riccardo ten Cate
Mark Deenihan
Seba Deleersnyder
Christopher Frenz
Joaquin Fuentes
Brian Glas
Evin Hernandez
Jeremy Long
Daniel Miessler
Dhiraj Mishra
Bernhard Mueller
Steve Springett

Best of luck to all the nominees!

More information about the WASPY Awards can be found here.

Monday, July 3, 2017

OWASP Code Sprint 2017 - Student Selections

OWASP Foundation is pleased to announce the student selections for the OWASP Code Sprint 2017 There were 32 student proposals submitted and it was a very challenging decision to only select 14 Student Slots.

Below are the Student Selections by Project:

OWASP Hackademic Project 
Student Selection:  Pavlos Zianos

OWASP DefectDojo Project
Student Selection: Eric Anderson

OWASP Appsensor Project
Student Selection: Rutuja Surve

OWASP Security Knowledge Framework  Project
Student Selections:  Wojciech ReguĊ‚a & Heeraj H Nair

OWASP ZCS Tool Project
Student Selection: Nikhil R

Student Selections: Anamika Das & Blay Kevin Cedric Achi

OWASP Bug Logging Tool
Student Selections: Mohit Anand, Raghav Jajodia & Siddharth Goyal, Sourav Badami

Student Selections: Anshul Singhal & Tikam Alma

More Mentors Welcomed
Do you want to become a mentor for a student?
Choose a participating OWASP project from the OWASP Code Sprint 2017 

Thank you to all the students that have submitted applications.

Program Leaders:
Kontantinos Papapanagiotou
Fabio Cerullo
Spyros Gasteratos

Claudia Aviles Casanovas, Project Coordinator

Sunday, July 2, 2017

OWASP Operations Update for July 2017

Welcome to the operations update for July 2017, the ongoing series of updates on what's happening at the OWASP Foundation.  Last month's post is available here.

In a bit of a departure from previous formats, we're starting with an announcement you may have already heard - OWASP Foundation employee #1 and #2 have left OWASP.  Alison (November 2007) and Kate (May 2008) had their last days at OWASP on Friday, June 30th.  The entire OWASP community owes a huge debt of gratitude to these two employees who helped turn a scrappy group of AppSec people into the thriving community that is OWASP today.  They've dealt with problems great and small while always keeping the OWASP core values in mind and seen drastic changes from:

  • Discovering there wasn't a signed contract for a venue a week out of start of AppSec USA 2008 in NYC
  • Hosting AppSec conferences in the US, EU, LATAM, APAC and many, many regional events
  • Staff growing from an accountant to 8 (and now back to 6)
  • Spreadsheets to Salesforce to over 10,000 community submitted cases worked
I"m not sure how you do this in a blog, but here goes:  <silence>moment</silence> 

Please thank them for all their hard work over a decade and, if you see them in person, treat them to the beverage of their choice.  Now back to our regularly scheduled blog post...

OWASP IT Infrastructure Hosting - Modernizing and migrating the OWASP infrastructure 
  • Remaining hosts at Rackspace: OWASP wiki, Mailman server, Virtual-host server providing redirects and static content
    • These are on hold until staff is back to full strength
  • For the current status, see last month's update.
The Website Reboot - aka TWR - a major effort to update and modernize the OWASP web presence
  • Phase 1 is complete
  • Phase 2, 3 and 4 are in process
  • These are oh hold until staff is back to full strength
  • For the current status, see last month's update.
The OWASP Communication Plan 
  • Discourse as a replacement for Mailman
    • On hold until staff is back to full strength
    • For the current status, see last month's update
  • Beta program for the Foundation's Global Meetup account continues
OWASP 2017 Strategic Goal 
  • TLDR: Host 4 trainings worldwide of ~500 attendees geared toward developers and entry-level security professionals - further details on the wiki.
  • 4 locations finalized: Israel, Tokyo, Boston, Bangalore
  • Call for Trainers anticipated to launch mid-July
Association Management System (AMS)_Upgrade 
  • Highly complex multi-step process taking 8 to 12 weeks
  • 95%+ complete
    • Membership, Renewals, Conference Registration, Multi-currency support, reduced need for discount codes and many more improvements
  • A few minor issues, tweaks, changes and bugs to work through before 100% complete
  • AppSec USA 2017
    • CFP and CFT closed - Speakers and Trainers notified by July 5th
    • Final schedule upload to is nearly complete
    • Loads of final details being hammered out
  • AppSec EU 2018
    • Finalizing Gantt Chart
    • Conference budget built out
    • Multiple RFPs out for bid
  • AppSec APAC 2018 - proposal under review
  • 59 Corporate Members
    • $180,000 (45% of yearly goal)
  • 2,733 Individual Members
    • $69,335 (63% of yearly goal)
  • 2017 WASPY Awards
    • Call for nominees closed on June 30th
    • 32 submissions excluding any last minute additions
  • 2017 Global Board of Directors Elections
    • 16 candidates as of June 30th
    • Milestone reminders are being sent to the community
  • Developer Summit at AppSec USA 2017
    • Looking for trainer/volunteers to present at this event!
  • Blackhat USA 2017
    • Kelly and Matt will be attending at the OWASP booth representing the OWASP staff
    • Volunteer slots have all been filled to help with the booth
    • Swag and other booth items ordered and will be shipped to the event
  • The first of several volunteer portal surveys is going out early July
  • Presentation from the Leaders Meeting at AppSec EU 2017
  • OWASP Summit in London retrospective
    • EU chapter leaders raised concerns about chapter legal status in the EU
    • EU VAT/tax issues were also raised
    • Storage of physical assets of chapters is a growing concern
    • Leaders would like reimbursement system to include standardized budget codes
    • Spanish translation of the chapter orientation is in progress
Serving the Community 

Per the request of the OWASP Board, we've included these charts of the staff's interaction with the broader OWASP community via submitted cases to the Foundation.  We passed the 10,000 case mark in early 2017.

Cases for 2017

As always, the OWASP staff are here to make the OWASP community even stronger.  If you have a question, concern or need something please let us know by using the 'Contact Us' form.  Also, feel free to attend, suggest or otherwise engage the OWASP Foundation further at the July 5th Board meeting.

Your friendly neighborhood OWASP staff:
  Kate, Kelly, Alison, Laura, Claudia, Tiffany, Dawn and Matt