Wednesday, October 26, 2016

AppSecEu 2017 Call for Presentations and Training Now Open

The call for presentations and trainings is now open for AppSecEu 2017, which will take place in Belfast from May 8th to 12th 2017. OWASP's Global AppSec events serve a diverse audience of security professionals at all stages of their careers. We seek interesting perspectives and training to drive visibility and evolution in the safety and security of the world’s software.

Our topics of interest for talks include, but are not limited to the following:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • Mobile security and security for the mobile web
  • Cloud security
  • REST/SOAP security
  • Security of frameworks
  • Large-scale security assessments of web applications and services
  • Privacy risks in the web and the cloud
  • Management topics in Application Security: Business Risks, Awareness Programs, Project Management, Managing SDLC
OWASP Trainings should be practical in nature; hands-on classes will receive stronger consideration. Topics of interest include but are not limited to:
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Vulnerability analysis: code review, pentest, static analysis
  • Threat modelling
  • Mobile security
  • Cloud security
  • Browser security
  • HTML5 security
  • OWASP tools or projects in practice
  • New technologies, paradigms, tools
  • Privacy in web apps, Web services (REST, XML) and data storage
  • Operations and software security
  • Management topics in Application Security: Business Risks, Outsourcing/Offshoring, Awareness Programs, Project Management, Managing SDLC
While we understand that your submission might be a work in progress, we strongly encourage that all submissions be as thorough as possible to allow us to make the best decision. The program committee will review your submission based on a descriptive abstract of your intended presentation. Feel free to attach a preliminary version of your presentation if available, or any other supporting materials. Please review your proposal thoroughly, as accepted abstracts and submitted bios will be published verbatim on our site. If your presentation is accepted for inclusion in the conference program, you are free to submit a white paper describing your work, to be added to the website.
To ensure the best talks available are presented at AppSec Europe, we are incorporating blind reading as part of our process. This means that names and job titles will be removed when the paper's abstract is being reviewed. Submissions for training will not be read blind. All speakers will be given access to speaker mentorship; we especially encourage first-time speakers to take advantage of this service.
Marketing and sales pitches will not be accepted in the talks or trainings.

Submit a Presentation
  • Submission deadline: January 9th, 2017
  • Notification of acceptance: February 6th, 2017
  • Conference days: May 11th – 12th 2017

Submit a Training
  • Deadline for proposals: January 2, 2017
  • Notification to training providers: January 23, 2017
  • Training: May 8, 9, 10

Tuesday, October 25, 2016

Waratek Supports the OWASP Foundation as a Premier Corporate Member

Bel Air, MD – October 25, 2016 – The Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software, is pleased to welcome Waratek, a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection (RASP), as a Premier Corporate Member of OWASP.

OWASP is an open community of over 46,000 participants dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor neutral with the collective wisdom of the best individual minds in application security worldwide.

Waratek, winner of the 2015 RSA Innovation Sandbox Award, is based on the belief that traditional security approaches are not enough to protect applications and customer data from today’s threats. Waratek’s solutions are based on virtualizing the runtime to provide protection against known and unknown vulnerabilities in current and legacy software.

“At a time when malicious attacks are intensifying and organizations increasingly rely on applications with known and unknown vulnerabilities to fulfill their missions, OWASP is a vital part of defending the integrity of businesses and institutions,” commented Waratek CEO Brian Maccaba. “We need strong DevOps and AppSec communities to ensure the safety and security of commerce. We’re proud to help OWASP fulfill that role.”

Waratek’s support of OWASP included sponsorship of our recent OWASP AppSec USA 2016 Conference, which took place in Washington, DC. In a few weeks, all of the conference talks will be available for free on the conference site.

“OWASP receives one-third of its funding from Corporate Members and we are thrilled to have Waratek, Inc. as a Premier Corporate member,” stated Kelly Santalucia, Membership & Business Liaison of the OWASP Foundation. “Waratek’s contributions toward our AppSec USA 2016 event demonstrated strong support for our global initiatives, and we are hopeful that others will follow their lead in giving back to the community.”

The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true software security risks. As a 501(c)(3) not-for-profit worldwide charitable organization, OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor-neutral with the collective wisdom of the best individual minds in software security worldwide.

For more information, visit: or follow us at: @owasp.

About Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP. Based on virtualization, Waratek’s solution is highly accurate, easy to install, simple to operate and does not slow application performance, while providing protection against known and unknown vulnerabilities in current and legacy software.

Waratek is based in Atlanta, Georgia, and Dublin, Ireland. For more information visit or follow us @Waratek.

Monday, September 26, 2016

ISSA Names OWASP the Security Organization of the Year

ISSA has named OWASP their Organization of the Year for 2016. We humbly thank our incredible volunteers for making this possible through all of their hard work on OWASP Projects and in OWASP Chapters. With such great people helping us create a more secure world, we can't go wrong!

Congratulations to all of the other amazing winners, some of whom are also wonderful OWASP volunteers:

Chapter of the Year (100-200 Members): ISSA Minnesota Chapter

Chapter of the Year (200+ Members): ISSA Capitol of Texas Chapter

Honor Roll: Richard Greenberg & Joel Weise

Organization of the Year: OWASP

Security Professional of the Year: Albert Marcella

Volunteer of the Year: Constance Matthews & Colleen Murphy

Hall of Fame: Gerald Combs & Jim Reavis

President’s Award for Public Service: Howard Schmidt

We cannot wait to see you in November at the Awards Luncheon and ISSA Conference in Dallas.

If you are interested in joining our thriving global community to drive visibility and evolution in the safety and security of the world’s software, become a member and check out our projects or find your local chapter.

OWASP Bucharest AppSec Conference 2016 - October 6th

The OWASP Bucharest team is happy to announce the OWASP Bucharest AppSec Conference 2016, a one-day security and hacking conference dedicated to application security.
It will take place on October 6th, 2016, at the Sheraton Bucharest Hotel in Bucharest, Romania.
  • Conference talks are free; however, you need to register.
The event will be in English, with cutting-edge topics presented by renowned security professionals: Daniel Kefer, Adrian Hada, Jacco van Tujil, Andrei Daniel Oprisan.

  • Workshops:
OWASP Top 10 vulnerabilities – discover, exploit, remediate
Increase the participants’ awareness on the most common web application vulnerabilities and their associated risks.
Each type of vulnerability will be discussed and the attendees will practice manual discovery and exploitation techniques.

Secure Web Applications in Java
Learn how to build secure coding and secure code review skills, and how to uncover and protect against some of the most common vulnerabilities in Java code.

Shellcode Development and Exploiting
Learn how to create shellcodes and how to construct basic attack vectors using shellcodes. Obtain a better understanding about how programs and processes work.
Trainers: Razvan Deaconescu; Mihai Țigănuș

Practical Cryptography on the Internet
The training will feature many guided hands-on activities such as creating certificate hierarchies, configuring custom certificates on clients and servers, modifying security policies, impersonating “seemingly secure” identities, downgrading connections, and extracting information from secure HTTPS sessions.
Trainers: Sergiu Costea

  • CTF (Capture The Flag)
Capture The Flag contests are a popular way to hone your practical security skills by solving challenges on topics such as web, crypto, reverse engineering and exploitation.
We invite everyone passionate about practical security to the OWASP AppSec 2016 CTF, where you and your team will solve challenges on web, reverse engineering and exploitation.
In order to participate in the CTF competition, please register here:
The prizes will be as follows:
  • 1st place: 1024 euros
  • 2nd place: 512 euros
  • 3rd place: 256 euros
More information about the agenda can be found at:
You can register at:

We look forward to seeing you at this event!

Friday, September 16, 2016

Interview with the Board Candidates, Parts 1 & 2 of 4. ETA: All four parts are now available.

Every year, as part of the OWASP Board of Directors election, OWASP holds a call for questions from the community. The top four questions are then selected to be recorded in individual interviews on the OWASP Podcast to give members insight into the candidates' priorities and philosophies. This year the most requested questions were:
1. What kind of action plan do you have in mind to help motivate the participation of developers in the OWASP community?
2. What would you do to improve OWASP's image regarding vendor neutrality?
3. What has been the greatest accomplishment of OWASP Foundation and what is its biggest failure?
4. What is more important to you as a candidate 1) Members 2) Projects 3) Conferences 4) Chapters and why?
Each episode of the podcast will be released on our Soundcloud account and then linked on the elections page. Parts one and two are available now, as are the candidates' biographies and statements of intent.

Don't forget that only paid and honorary members can vote, so join before September 30, 2015!

Edited to add Parts three and four.

Tuesday, September 13, 2016

Why we Need Women in Security Careers

Cross-posted from the AppSec USA blog
Security is one of the largest and most critical industries right now. In 2015, more than $75 billion was pumped into the industry to solve the most pressing security challenges – that’s up from $3.5 billion only 10 years prior, and is expected to reach $1 trillion by 2020. Yet, as the industry grows exponentially the workforce gap continues to widen. According to a recent study published by (ISC)2 and Frost & Sullivan, the workforce gap in the security industry is expected to reach 1.5 billion people by 2020. Even more alarming is the small percentage of women currently in the field – 10 percent!
The solution to filling the workforce gap seems simple – hire more women. It’s not that easy though. There are multiple barriers that prevent women from entering the field, including lack of education in primary schools and college, insufficient communication about job opportunities, and minimal internal training to encourage women to learn the skills needed for career changes and advancements.
OWASP’s Women in AppSec (WIA) initiative is aware of these barriers and is actively changing the status quo about women in security through research, education and mentorships. WIA encourages female students at the undergraduate and graduate levels, instructors, military personnel transitioning out of service, and professional working women to expand their skills and pursue a career in application and/or information security.
How You Can be Part of the Initiative
WIA has exciting events in store for AppSecUSA 2016 taking place in Washington, DC, October 11-14. Join us for unique opportunities to network with like-minded industry professionals and discuss the future of WIA events around the globe. Events include:
  • Networking Reception: Meet like-minded industry professionals and make connections to help launch or expand your career in the security industry
    October 12 @ 5:00pm
    Renaissance Hotel
  • Mentoring Luncheon: Engage with mentors in the field and learn from experts what it takes to develop your career
    October 13 @ 12:00pm
    Renaissance Hotel
  • Planning Meeting: Join forces with others committed to the WIA initiative and share ideas for events at future conferences
    October 14 @ 9:30am
    Renaissance Hotel
WIA is offering sponsorships for women transitioning from development and security-based jobs in the military to attend AppSecUSA 2016. To be eligible, you must be leaving the military within the next six months or have been out of the military for less than one year. To apply for a sponsorship, click HERE.
To register for WIA-hosted events at AppSecUSA 2016 visit the website at:
We hope you’ll join us in breaking barriers for women at AppSecUSA 2016!

Thursday, August 25, 2016

Results of the 2016 WASPY Awards

Thank you to everyone who voted in the 2016 WASPY Awards! The voting for the 2016 WASPY Awards has closed. The winners have been notified, and the results are posted here.

Congratulations to all of the individuals who were nominated, and a special Congratulations to our winners:

Open/Leading Category: Jeremy Long
Integrity/Learning Category: Eoin Keary
Innovation/Sharing Category: Owen Pendlebury
Global/Growing Category: Kathy Thaxton

The award ceremony will be held at the AppSecUSA 2016 conference in Washington, DC. More specific details will be posted to the conference site, so please check back frequently.

As always, thank you for your support!