OWASP August 19 Connector

August 19, 2014 | | www.owasp.org | Contact Us | Brought to you by the OWASP Foundation Featured OWASP Project OWASP Web Spa Project The OWASP WebSpa Project is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated Operating System (O/S) command. It provides a cryptographically protected "open sesame" mechanism on the web application layer, comparable to well-known port-knocking techniques. For more information, please contact the Project Leader, Oliver Merki. New OWASP Projects OWASP Rainbow Maker Project OWASP Rainbow Maker is a tool aimed to break hash signatures. It allows testers to insert a hash value and possible keywords and values that might used by the application to create it, then it tried multiple combinations to find the format used to generate the hash value. For more information, please contact the Project Leader, Tal Melamed. OWASP KALP Mobile Project OWASP KALP Mobile App Project is for OWASP users around the world who want to access the Top Ten vulnerabilities on the go (on their mobile), download the Top Ten and Email it. This is light weight information of OWASP Top Ten. This will be an android application fetching database of vulnerabilities from OWASP server. Any new additions to cheat sheets and prevention cheat sheets will automatically accessible on the mobile app. For more information, please contact the Project Leader, Kishor Sonawane. Project Announcements From Daniel Cuthbert, Co-Project Leader of the OWASP Application Security Verification Standard Project It gives me immense pleasure to finally release version 2 of the Standard for all to enjoy. The community feedback on this has been overwhelming and it's great to see so many of you investing time and effort into what Sahba and I feel is an incredibly important OWASP project. As with all standards, I'm sure this will be made better as people use it and we welcome the additions. Again, a huge thanks to all the contributors who helped shape version 2 and I cannot wait to hear how this is being used. It can be downloaded from the ASVS page HERE Documentation Volunteers Needed for the OWASP Mantra OS The OWASP Mantra OS is looking for one or two volunteers to assist with documentation for the next release of Mantra OS. OWASP Mantra OS is a secure sandboxed operating system built for application testing and fast secure computing, built on a Ubuntu Core. If you are interested in helping the OWASP Mantra OS Dharma release, contact project leader, Greg Disney-Leugers OWASP Foundation Social Media LinkedIn Twitter Google + Facebook Ning StackOverflow Thank you to our new and renewed Corporate Members: HP - Premier Level Ranorex, and Arxan Honorary Membership applications now being accepted. CLICK HERE to find out if you qualify for Honorary Membership Deadline to submit your application is September 30, 2014. . Global AppSec Events in 2014 AppSec USA 2014 (September 16 - 19, Denver, CO) Keynotes announced! Steve Crusenberry, Gary McGraw, and Bruce Schneier Sponsorship opportunities are still available. Training sessions now posted HERE Member Event Registration Public Registration, Upcoming Regional Events AppSec Israel 2014 (September 2, 2014, Herzliya. Israel Boston Application Security Conference (BASC) (October 18, 2014, Cambridge, MA) CALL FOR PAPERS OPEN LASCON 2014 (October 21 - 24, Austin, TX) Partner and Promotional Events OWASP has partnered with these great events in beginning of 2014 to grow our community and build awareness around software security. If you want to learn more about OWASP's involvement or will be attending and want to help out contact us Fraud Summit Toronto, (Sept 8, 2014) Toronto, Canada. (ISC)2 Security Congress, (Sept 22 - Oct 2), OWASP Members save $355 off of the non-(ISC)2 Member Full Conference Pass. Attendees can expect over 80 educational sessions designed to strengthen cybersecurity defenders, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. EC-Council Hacker Halted(October 12-17, 2014) Atlanta, GA ISSA International Conference (October 22-23), 2014, Orlando, FL Suits & Spooks, (December 14), Singapore. OWASP LATAM HANGOUT - Proyecto de Seguridad Movil (en espanol) When: Wed August 27, 2014, 12:pm - 1pm (EDT) Where: Google Hangout Link Who: Mauricio Urizar Franco y Walter Cuestas Agramonte What: Complete details of the talk and profiles of the presenters can be found on the Global OWASP Calendar. 2014 Global Board of Directors Election 2014 Board Elections page Our Call for Candidates is now closed! Below is a list of the 2014 candidates Abbas Naderi Afooshteh Israel Bryski Bil Corry Rowland Johnson Tahir Khan Timur Khrotko Matthew Konda Jim Manico Mateo Martinez Nigel Phair Andrew van der Stock Tom Brennan (withdrawn) CLICK HERE to view the candidates bio and "why me?" information in a Google Document CLICK HERE to view the OWASP Election page The next step is, the candidates will conduct individual interviews answering questions from the community. Anyone can submit a question(s), vote up or vote down existing questions. The top 5 to 6 questions will then be used for each candidate's interview. If you have a question you would like to submit, please do so here. For a complete Election Time line, Click Here 2014 WASPY (Web Application Security People of the Year) Member voting is open until Friday, August 22, 2014 OWASP members should have received a notification and a link to cast your vote from our voting provider, Simply Voting. This is YOUR opportunity to recognize another in our community for their outstanding efforts, so be sure to congratulate all the nominees and cast your vote for the one nominee in each category who will be publicly recognized in during an awards ceremony at AppSec USA in Denver. You can read all about the nominees HERE OAS and OWASP Sign Agreement on Cyber Security The General Secretariat of the Organization of American States (OAS) recently signed a Memorandum of Understanding with the Open Web Application Security Project (OWASP) to facilitate a closer level of collaboration on the issue of cyber security and allow each partner to reach a broader audience. CLICK HERE to read the complete press release! Just for Fun Congratulations to Robin Wood who was the first person to solve last week's challenge: Answer: The Rose Red City is 7 billion years old. Click here to view last issue's puzzle Here is this issue's challenge... Imagine that you have some wooden cubes. You also have six paint tins each containing a different color of paint. You paint a cube using a different color for each of the six faces. How many different cubes can be painted using the same set of six colors? Remember that two cubes are different only when it is not possible, by turning one, to make it correspondent with the other. Send your answers to our comment desk for a chance to win a prize. Winners will be announced in the next connector.