Opinions & News
Check back here for weekly news and opinions from OWASP leadership, staff, and community members. Have a news idea for here or the Connector? Submit to News
Wednesday, November 25, 2020
Members of the OWASP Foundation, we value your commitment and expertise. The Foundation is looking to you to help shape our future and update our Corporate Policies, in this case, the Chapters Policy. This is a major ground-up rewrite of the Chapters Policy, in concert with the Chapters Committee.... more
Tuesday, November 10, 2020
The OWASP Foundation is a not-for-profit organization providing open-source projects, tools, documentation, etc., to help security professionals succeed in keeping their company’s data secure! Our open-source materials are supported by the financial contributions of our Corporate Members, and they are fundamentally important to help us continue to fulfill our mission by providing these resources. As a corporate member, supporting the OWASP Foundation demonstrates the company’s commitment to the community, the Foundation, and the entire AppSec sector.
OWASP strives to provide opportunities to companies with all budget types so everyone can participate. That being said, we are happy to announce that we now offer discounted corporate membership for companies in developing regions and discounted rates for start-up companies! Qualify, and be one of the first ten companies to join the Foundation as a corporate member to receive a special incentive.... more
Friday, November 6, 2020
At the October public Board meeting at the Global AppSec 2020 - Virtual, the Board voted on Honorary Membership and active Leader Complimentary Membership reform, and these reforms are now live.
For hardworking OWASP community leaders who have done amazing things for many years, you will finally have a chance of being recognized by the Foundation and your peers for being a true OWASP hero and upholder of our values and mission. For active leaders, you will be pleasantly surprised by a new option available to you.
What is the problem we’re trying to solve?
Typically, for non-profits and charities, the expectation is that community leaders are members. OWASP is almost unique in that we don’t require Membership to participate or make it mandatory for leaders.
Only 17% of OWASP leaders are members of any sort. The Board felt that many non-member leaders could not vote or become Board members, so they were effectively donating their time but could not influence the Foundation or our mission. At the September face-to-face meeting, the Board discussed various membership models and decided to offer active leaders Complimentary membership and reform Honorary Membership.... more
Thursday, November 5, 2020
This post announces the end of the OWASP Connector. Sadly, the days of email newsletters are done. Read on to find out what we are going to do instead, and we’ve started already.... more
Friday, October 30, 2020
Recently, our lawyers have reviewed all of our bylaws and contracts. You’ll see the improvements coming through as we bring them online. However, the lawyers found that we had no provisions to prohibit participation or funding from US Government Sanctioned Countries. Once notified, we had to act, as ignorance is not an excuse. The Board has taken action to resolve this issue, and in the process, we have lost a chapter and refunded one member.
Please read on for more details, and more details about future content here.... more
Thursday, October 29, 2020
Hi OWASP members, Friday, October 30 at 11:59 pm US EDT is the last chance to vote in the OWASP Board of Directors election. If you have not yet voted, now is the time. Read on for how to find your ballot, and what happens next.... more
Saturday, August 1, 2020
OWASP is an Associate Partner of Black Hat USA 2020 and will be present with its own virtual booth on 5th/6th August. Meet & talk to OWASP staff and volunteers, and take the chance to meet some of our dedicated project leaders.... more
Friday, July 31, 2020
The future of OWASP is driven by passionate individuals who sit on the Global Board of Directors. They represent you and are elected by you, our members. We have just published the Global Board of Directors elections timeline and procedures.
We ask all members to check that their membership is valid, and necessary communications settings are correct. I encourage anyone to stand for the Board if they are passionate about OWASP, and I encourage every single member to vote.
Lastly, I address the current eligibility issues, what’s changing, and how this year’s elections will not be affected by upcoming changes to our bylaws.... more
Thursday, July 23, 2020
Unlike many other groups in the software and security sector, it is important to us that our organization is shaped by our community. This is evident in our volunteer-led Chapters and Projects, along with a member-elected Board of Directors, and now down to our everyday business policies. In what is planned as an annual effort, the OWASP Foundation is looking for Members to help us update our Corporate Policies. We have identified and developed 16 core policy domains for our operations.... more
Monday, June 29, 2020
It is with great pleasure that the OWASP Foundation announces that as of today, Monday 29th June 2020, we will have a new full-time Executive Director (ED), selected from within our own ranks. As of this date, Andrew van der Stock will officially take on the role of ED for the Foundation on a permanent basis.
Andrew is well known to many in the OWASP Community for both his hard work on a number of key OWASP Projects (including the OWASP Top Ten and the OWASP ASVS) as well as for his time on the Global Board of Directors, representing the OWASP Community from 2015 to 2018. He brings years of AppSec experience to the role as well as his breadth of experience managing organisational units. We are sure he will bring this to his new role in the Foundation and will be a great ED.... more
Monday, June 8, 2020
Virtual AppSec Days April 2020 was a hit! Over 1,800 participated in the week-long event. Highlights included a free lightning conference, 11 training courses, and a 48-hour Capture the Flag competition.
The OWASP Foundation set out to bring the community together and provide alternative education in these uncertain times. We were able to do this economically for participants thanks to our generous sponsors, without whom this event would not have been possible.
Thank you to Acunetix, DevSecOps Academy, Netsparker, and ZeroNorth! These sponsors not only helped keep the conference affordable but also gave away over $800 in prizes to participants.... more
Thursday, June 4, 2020
Join 24 chapters around the globe for a 24-hour-long back-to-back virtual chapter meetup. The entire event will be livestreamed on YouTube from 16 countries. The schedule of those talks is available here.
The OWASP Leaders List is a mailing list populated by either Chapter or Project Leaders or folks who previously held those positions. The mailing list is a busy place and ideas flow there regularly - because the folks on that list are good folks with great ideas.
Sometimes an idea hits the list that requires real work to happen, and this initiative was one of those. Fortunately, there were plenty of volunteers to step up and make it happen.... more
Tuesday, April 7, 2020
The OWASP Foundation is excited to announce the launch of Virtual AppSec Days. Taking place later this month, we have an entire week of virtual activities planned, to engage, educate, and entertain our community.
The event will begin on April 27 with a virtual mini-conference; a free 90-minute session consisting of three 20-minute lightning talks by AppSec industry leaders.... more
Tuesday, March 17, 2020
live from the beach of Cancun at the OWASP Projects Summit was a really unique event. The summit allowed us to really concentrate on some larger long-term ideas we had.
Thursday, March 12, 2020
Following recent developments within Ireland, throughout Europe, and worldwide relating to COVID-19, the OWASP Foundation has made the difficult but considered decision to postpone the Global AppSec Dublin set to take place June 15-19.
We take pride in offering a premier experience for our attendees and sponsors and we can no longer guarantee that event quality. Nor can we ethically put our community’s health and safety at risk. Therefore we have secured dates at the Convention Center Dublin to hold the Global AppSec Dublin on February 15-19, 2021.... more
Tuesday, February 18, 2020
Are you a thought leader in AppSec with a unique idea to share with the greater OWASP community? We are looking for new, innovative, compelling content for our Global AppSec in Dublin this June. Application Security leaders, software engineers, and researchers from all over the world gather at Global AppSec conferences to drive visibility and evolution in the safety and security of the world’s software, as well as to network, collaborate, and share the newest innovations in the field.... more
Tuesday, February 11, 2020
The OWASP SAMM™ (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational Software Development Life Cycle (SDLC).... more
Wednesday, January 15, 2020
For the better part of the last nine months, a small dedicated team has been working to complete a project that has been started, restarted, abandoned, restarted, and then again abandoned: migrating our 7,000 or so page website curated by over 3,000 content editors from MediaWiki to GitHub Pages. As I like to now say, “when you spend 15 years digging a deep hole, don’t expect to dig your way out in a week.” And in all honesty this is not the finish line, but the starting line for the OWASP Foundation in this new decade.... more
Tuesday, December 3, 2019
Want to help plan our next Global AppSec event? OWASP is excited to announce the launch of the Global AppSec Program Team. These teams will be responsible for selecting the program and training offerings for the Global AppSecs and will be comprised of volunteers from all around either Europe or North America. Be sure to apply to volunteer before the end of the year!... more
Wednesday, November 20, 2019
As the Foundation moves toward the migration of the OWASP web presence from the old wiki site to our new GitHub-hosted home, some of you may still have questions regarding what to move and how to move it. Essentially, if you have a chapter page or project page and you have not migrated it to the new website, that would be first. Steps on what to do and what is needed can be found at https://owasp.org/migration. There are also some minor instructions on the... more
Tuesday, July 2, 2019
OWASP ZAP Releases V2.8.0 With the Heads Up Display
Heads Up Display simplifies and improves vulnerability testing for developers
SAN FRANCISCO–(BUSINESS WIRE)–OWASP™ ZAP (Open Web Application Security Project™ Zed Attack Proxy) has released a new version of its leading ZAP Project which now includes an innovative Heads Up Display (HUD) bringing security information and functionality right into the browser. Now software developers can interactively test the reliability and security of their applications in real time while controlling a wide variety of features designed to test the quality of their software.... more