OWASP WIA, Diversity and Inclusion Committee
Mailing List | Meetup | YouTube | Twitter
Purpose
The purpose of the Women in AppSec (WIA), Diversity and Inclusion Committee is to develop leadership, promote active membership and participation, and contributions by women in application security professional communities, globally and locally.
Our mission is to invite people from all backgrounds and identities to join OWASP and ensure retention by making sure they continue to participate in OWASP events, activities and projects and feel welcome throughout their application security / information security journeys, through learning, mentorship and networking opportunities in building their careers.
The value of diversity and inclusion also provides the OWASP community and application security / information security industry with an opportunity to gain from all that diversity has to offer.
Scope
The scope for OWASP WIA Committee falls into the following areas:
-
Build upon opportunities for and participating of underrepresented groups, including gender, sexual orientation, neurodiversity, physical limitations and racial minorities.
-
Attract women and underrepresented groups to OWASP, as active members, contributors and leaders.
-
Offer opportunities for women and underrepresented groups to become engaged in AppSec and related professional communities.
-
Provide inclusive targeted application security programs for all women learners.
-
Provide inclusive training and mentorship for all interested OWASP women and underrepresented groups.
-
Provide financial support to OWASP women and underrepresented groups through scholarships, sponsorships, and grant making.
-
Pursue fundraising, advancement and development to secure financial support for OWASP WIA, diversity and inclusion activities.
-
Integrate WIA track and related activities into OWASP events at all levels. Cultivate women for community leadership, speakers for conferences, thought leadership, learning leaders, and local chapter events.
-
Collaborate with other committees and initiatives as needs present. Collaborate with local OWASP Chapters and Global OWASP leadership, including but not limited to offering advisory support to local and global OWASP leadership for WIA advancement and collaboratively building pro WIA and diversity OWASP communities.
-
Develop other special projects and events designed to further the purpose of WIA, diversity and inclusion.
Secure Social Media Platform Hackathon
Secure Transaction Hackathon
led by Zoe Braiterman @zbraiterman
- PCI-DSS Requirements session by Aastha Sahni @aastha1891 and Saman Fatima @saman_3014
- Threat model submission by Teresa Clark @HackneyTClark to the OWASP Threat Model Cookbook project @Owasp_tmcb
Cybersecurity Awareness Month 2020 Hackathon
led by Zoe Braiterman @zbraiterman, Maria Possobom and Li-Ann Wong Teleconference Systems Best Practices, by Li-Ann Wong
- Teleconference systems are not considered secure, and the following minimum security controls should be considered to prevent unauthorized disclosure of sensitive Company information:
- Require passwords for access
- Announce arrival and departure of participants
- Monitor or record the conference
- Organization should ensure an evaluated firewall in a gateway environment should use an evaluated video or voice-aware firewall of at least the same level of assurance to secure the information shared via video conferencing or IP telephony.
- Organization must separate the video conference traffic from other data traffic either physically or logically
- Organization should ensure an encrypted and non-replayable two-way authentication scheme should be used for call authentication and authorisation.
- Organization personnel must not connect workstations to video conferencing units unless the workstation or the device uses VLANs or similar mechanisms to maintain separation between video conferencing and other data traffic.
- Ensure all participants have a need to know
- System should be configured to provide an explicit indication of current participants and attendance list should be maintained and checked.
- Obtain non-disclosure forms as necessary
- Distribute minutes securely
Solution by Dwaipayan Gupta @baps_55 and Suvidha Pankar
DefCon 2020
Keep posted for details, in collaboration with the OWASP Outreach Committee Twitter
AppSec California 2020
- Conference Organizers: @haral @RAGreenberg @act1vand0 @jonathanmarcil
Panelists Zoe Braiterman: @zbraiterman Vandana Verma: @InfosecVandana Richard Greenberg: @RAGreenberg Kavya Pearlman: @KavyaPearlman Chris Kubecka: @SecEvangelism Lisa Jiggetts: @lisajiggetts Malia Mason
Breakfast
- Sponsors: Detectify, Sqreen
[Global AppSec DC 2019]
- Welcomed diversity scholarship recipients from @DefConOwasp
DefCon 2019
- Twitter handles: @thejonmccoy @zbraiterman @Onenerdylady @ALL_Sec_Geek
- 25 diversity scholarships for Global AppSec D.C. 2019
AppSec California 2019
- Twitter handles: @InfosecVandana @zbraiterman
AppSec USA 2018
- WIA training, led by Vandana Verma (@InfosecVandana)
- WIA luncheon, led by @InfosecVandana and @zbraiterman
AppSec EU 2018
- Vandana Verma (@InfosecVandana) and Jessica Robinson (@jessrobin96)
Contributors
Aastha Sahni - New York
Heba Farahat - Egypt
Liza Roberts - San Francisco, CA
Maria Mora - San Francisco, CA
Saman Fatima - New Delhi, India
Shrutirupa Banerjiee - Pune, Maharashtra, India
Vandana Verma - India
Ruchira Pokhriya
Jessica Gottsleben
Sal Kimmich
Individuals
Join our ongoing global team discussion. We’re always looking for new ideas.
Attend a virtual global or in-person local meetup
Submit to speak at an upcoming webinar
- Contact Zoe Braiterman and Loredana Mancini
OWASP Chapter Leaders / Members:
Collaborate on meetups Please direct co-hosting requests to Zoe Braiterman
Community-Driven Learning Resources
Webinars
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - August 2018
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - November 2018
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - December 2018
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - January 2019
- International Women’s Day CTF Webinar - 2019
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - March 2019
- OWASP WIA + InfoSec Girls Knowledge Exchange Webinar - April 2019
- OWASP Projects Panel Panelists: Katy Anton @KatyAnton Andrew van der Stock @vanderaj, Simon Bennetts @psiinon, Jim Manico @manicode, Elizabeth Frenz Moderator: Zoe Braiterman @zbraiterman
- “Sky’s the Limit” with Marie McCarthy, Career Coach
- AppSec Programs and Women’s Support Networks Speaker: Minali Arora @AroraMinali
- OWASP Project Panel Panelists: Bjorn Kimminich @bkimmimich Spyros Gasterados @0xfde, Riccardo ten Cate @RiieCco, Glenn ten Cate @FooBar_testing_ Moderator: Zoe Braiterman @zbraiterman Technical Coordinator: Katy Anton @KatyAnton
- Virtual Job Search and Cyber Threat Hunting by Deidre Diamond @DeidreDiamond and Aastha Sahni @aastha1891
- Cyber Criminology by Deveeshree Nayak and Coordinated Vulnerability Disclosure by Madinah S. Ali
- Cybersecurity for Critical Infrastructure by Mariah Possobom
- IAM - “What, Why, Where?”, by Saman Fatima (@saman_3014)
- “How to Overcome Shyness”, by Marie McCarthy
- PCI-DSS Requirements, by Aastha Sahni @aastha1891 and Saman Fatima @saman_3014 An introduction to a 2-week long remote “Secure Transaction Hackathon”, led by Zoe Braiterman @zbraiterman
- Supply Chain / Vendor Management by Li-Ann Wong
- How to Build Self-Confidence by Marie McCarthy
- Blockchain by Cristina Baldi and DOM-Based XSS by Shrutirupa Banerjiee @freak_crypt
- Password Innovation by Nehal Mehta @NehalMehta_rs and Dhaval Shah
- “Charting Career Paths in Cybersecurity” by Bishakha Jain @euphoricbint
- “Is Blockchain Really Secure?” by Shrutirupa Banerjiee @freak_crypt
- “Do certain types of developers or teams write more secure code?” by Anita D’Amico @AnitaDamico
- “‘Security Through Clarity’ and Why Programming Languages and Architecture Matter” by Francois-Rene Rideau @phanaero
- Bishakha Jain @euphoricbint on Burnout
- “Building a Curious, Compassionate and Cybersmart World” by Sarba Roy @SarbaRoy_15
- “How to be Inclusive for the Deaf Community” by Kellina @cutiekellina, “The Five Philosophies to Building Better Logs” by Veronica @Po1Zon_P1x13 and “The Path to Inherently Safer Technology” by Lesley
- “Getting Started With PenTesting, Intro to OSINT, Creating a D & I Cyber Security Team” by Deveeshree Nayak
- Cloud Security by Dr. Abhilasha Vyas
- Diversity discussion with Zoe Braiterman @zbraiterman, Aastha Sahni @aastha1891 and Saman Fatima @saman_3014
- Zoe Braiterman @zbraiterman interviews Chloe Messdaghi @ChloeMessdaghi
- Zoe Braiterman @zbraiterman interviews Bishakha Jain @euphoricbint
- Neurodiversity Workshop - led by Ruchira @Silver_Banshee1
- OWASP Vulnerability Management Guide inaugural working group meeting, by Elizabeth Frenz, Theresa Mammarella @t_mammarella and Zoe Braiterman @zbraiterman
In Person Events
- OWASP WIA / OWASP NYC Secure Code Warrior Tournament
- OWASP WIA + InfoSec Girls NYC kick-off event Aastha Sahni @aastha1891, Scott Miller @scottymiller9 and Zoe Braiterman @zbraiterman
Videos
-
“Build an AppSec Program with Open Source Projects” by Vandana Verma (@InfosecVandana)
-
“OWASP Spotlight - Project 1 - Web Security Testing Guide”, by Vandana Verma (@InfosecVandana)
-
“OWASP Spotlight - Project 2 - Dependency Check”, by Vandana Verma (@InfosecVandana)
- “OWASP Spotlight - Project 3 - Core Rule Set”, with Christian Folini @ChrFolini and Vandana Verma @InfosecVandana
-
OWASP Spotlight - Project 6 - PyTM” by Izar Tarandach @izar_t and Vandana Verma @InfosecVandana
-
“OWASP Spotlight - Project 13 - Mobile Security Testing Guide” by Vandana Verma @InfosecVandana
-
“OWASP Spotlight - Project 18 - OWASP DSOMM” by Timo Pagel and Vandana Verma @InfosecVandana
-
“OWASP Spotlight - Project 20 - OWASP Security Pins” by Timo Pagel and Vandana Verma @InfosecVandana
-
“OWASP Spotlight - Project 26 - OWASP SamuraiWTF” by Kevin Johnson and Vandana Verma @InfosecVandana
- Sam Stepanyan @securestep9 and Zoe Braiterman @zbraiterman discuss OWASP Chapters Committee and the OWASP Nettacker Project