Friday, May 27, 2016

Honorary Membership

Honorary Membership requests are being accepted NOW! Please visit to see if you qualify and to submit your request.

Membership Drive ends June 20!

Join or renew your Individual Membership by June 20 and be entered into a raffle to win a prize!

2016 Global Board of Directors Election

Submit your candidacy for the Global BoD! Submissions are NOW being accepted!

Monday, May 23, 2016

We need your help!

Time is ticking! Please help improve OWASP's infrastructure by taking a quick 3-minute survey here.

Wednesday, May 18, 2016

OWASP needs your input!

The OWASP Foundation has begun the process of improving the critical infrastructure and system platforms for the Global organization. The OWASP website, built on MediaWiki, has become overloaded with content. We are looking at ways to improve the layout and navigation of the wiki.

We want your input and your feedback on how you use the wiki and how you think it can be improved.

Please take 5 minutes and complete this short SURVEY.

Thursday, May 12, 2016


OWASP SAMM (Software Assurance Maturity Model) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.  SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization

The much anticipated SAMM 1.1 was released in March 2016.  Read the entire press release HERE.

Last month, contributors from 18 different cities in Belgium, France, Germany and the United States met in New York, NY for the second annual SAMM summit. The SAMM contributors, led by Seba Deleersnyder and Bart De Win, reviewed the 1.1 release, outlined improvements for the in-process 1.2 release (expected release date - June 2016), and created the roadmap for SAMM 2.0 (expected release date - June 2017).

Are you ready to get involved?  The SAMM team collaborates virtually  every 2nd Wednesday of the month.  Call details and minutes/agenda from previous calls can be found on the Community tab of the project webpage.

If you are unable to participate in the meetings, but still want to support SAMM, you can allocate a portion of your individual membership fees to the project or make a donation here.

Companies and other organizations who wish to support this project, please CONTACT US for additional information and options.

Tuesday, May 10, 2016

2016 Global BoD Election Call for Candidates is NOW OPEN!

Dear OWASP Community,

We are pleased to announce that the 2016 Global BoD Call for Candidates is now OPEN! You may submit your candidacy here. There are 3 seats available for this election. For the complete election timeline, board responsibilities, eligibility requirements, and other election details, please refer to our 2016 Election page.

Some Key Updates & Improvements for this year's election process:
  • Similar to years past, we will announce all verified candidates once the Call for Candidates closes.  This process generates more candidates and minimizes any "popularity contests".  More candidates = more choices for you. Candidates that wish to announce their candidacy themselves MAY DO SO at any time.   
  • An email will be sent to the entire community prior to the paid membership deadline (Sept 30) asking them to check the Membership Directory to be sure they are listed as a current individual member.  If individuals believe they are a current paid individual member, but their name does not appear in the Membership Directory, they will be asked to contact us immediately.  Please feel free to check the directory now and contact me if you believe you should be listed as an Individual Member and are not. 
  • Unsubscribed emails to voting list - without an email address the voting system is unable to identify who has chosen to unsubscribe from receiving these emails which contain a link to the ballot. To be sure all registered voters receive their ballots, they will be sent an email from OWASP letting them know they should have received a ballot.  If they did not receive a ballot, they will be asked to contact us immediately. Every time the voting system sends an email with the link to the ballot, an email from OWASP will follow.
  • An email will be released in addition to social media posts on August 10 that will include the candidates' names, "why me", profile picture and bio.

Honorary Membership Update
  • Honorary Membership is now open YEAR ROUND!  Please refer to the Honorary Membership section on the election page for more detailed information.
We are looking forward to a successful election process. If you have any questions or if I can be of any assistance to you, please let me know.

Kindest Regards,  

Kelly Santalucia
Membership and Business Liaison

Monday, May 9, 2016

AppSec EU 2016. Rome, June 27 - July 1

OWASP AppSec EU 2016 Adds Leading Global Experts to List of Speakers

Are you registered for the upcoming OWASP conference? We are excited to be getting closer to the AppSec EU event and we have now announced our roster of keynote speakers. 

The premier software security conference for developers, auditors, risk managers, technologists and entrepreneurs will take place at the Rome Marriott Park Hotel, June 27th - July 1st. Below are the keynotes:

Charlie Miller is a senior security engineer at Uber ATC, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame.

Mike West is a member of Chrome’s security team in Munich, Germany. He’s focused his energies on the web, works on web platform security feature implementation in Chromium and Blink, and specifications in various standards bodies.

Alessandro Perilli is the general manager for cloud management strategy at Red Hat and is a widely respected authority on virtualisation and cloud computing. Prior to joining Red Hat, Alessandro was a Research Director at Gartner, leading the private cloud research program in Gartner’s Technical Professionals division.

In addition to keynote sessions, AppSec EU will offer three full days of training followed by two days of conference sessions, as well as several interactive events. 

To find out more about OWASP AppSec EU 2016, attend a training session, or REGISTER for the conference, please visit

Wednesday, May 4, 2016

ZAP Webinar in Español!

What:  ZAP Webinar in Español

When:  Wednesday May 11, 2016 12p-1p EDT


About Webinar

OWASP Zed Attack Proxy (ZAP) is a comprehensive tool used to perform penetration testing and find vulnerabilities in web applications. Zed Attack Proxy provides automatic scanners, as well as a set of tools that allow you to find security vulnerabilities manually.

Presenter:  Alonso Eduardo Caballero Quezada


Alonso Eduardo Caballero Quezada holds the EXIN Ethical Hacking Foundation Certificate, LPI Linux Essentials Certificate, Brainbench Certified Network Security (Master), Computer Forensics (U.S.) & Linux Administration (General), and IT Masters Certificate of Achievement in Network Security Administrator, Hacking Countermeasures, Cisco CCNA Security, Information Security Incident Handling, Digital Forensics and Cybersecurity Management. He has been an instructor at the OWASP LATAM Tour Lima, Peru and a speaker at PERUHACK. He has more than thirteen years of experience in the field and for the past nine years has worked as an independent consultant and instructor in the areas of Ethical Hacking & Computer Forensics. For many years he belonged to the international security group RareGaZz and the Peruvian security group PeruSEC. He has taught in-person and online courses in Ecuador, Spain, Bolivia and Peru, and regularly presents at events focused on Ethical Hacking, Computer Forensics, GNU/Linux and Free Software. His email is ReYDeS@gmail.com and his personal page is at: