Test2test

= Welcome =

= Starting a New Project =

How to Start a New Project
Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

To get your project started, fill out the new project form. We'll review the information and get you set up with a project wiki page, a mailing list, and subscribe you to the OWASP-Leaders list. You'll be part of setting OWASP's direction!

'''Here are some of the guidelines for running a successful OWASP project: '''
 * The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.


 * You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.


 * You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.


 * You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a New Project

 * Get the following information together:

A - PROJECT
 * 1) Project Name,
 * 2) Project purpose / overview,
 * 3) Project Roadmap,
 * 4) Project links (if any) to external sites,
 * 5) Project License,
 * 6) Project Leader name,
 * 7) Project Leader email address,
 * 8) Project Leader wiki account - the username (you'll need this to edit the wiki),
 * 9) Project Contributor(s) (if any) - name email and wiki account (if any),
 * 10) Project Main Links (if any).

Project Release

 * As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:


 * 1) Conference style presentation that describes the tool/document in at least 3 slides,
 * 2) Project Flyer/Pamphlet (PDF file),
 * If possible, get also the following information together:

B – FIRST RELEASE
 * 1) Release Name,
 * 2) Release Description,
 * 3) Release Downloadable file link
 * 4) Release Leader,
 * 5) Release Contributor(s),
 * 6) Release Reviewer,
 * 7) Release Sponsor(s) (if any),
 * 8) Release Notes
 * 9) Release Main Links (if any),

Questions?
Please do not hesitate to contact us with any questions!

= Project Assessment =

Call for Papers
Submit your Talk Proposal here: Call for Papers Submission Form

Please carefully fill out the CFP form to submit your talk for consideration at OWASP AppSec Latam 2012 in Montevideo, Uruguay.

The talks will be held November 20th and 21st, 2012 at the ANTEL National Telco Company located in downtown Montevideo (training is November 18th and 19th). Talks will be 50 minutes each. We will post your Display Name, Biography, Talk Title, and Talk Abstract to the appseclatam.org site if your talk is selected. If you provide a URL or Twitter handle, we will post that if your talk is selected, too.

The deadline for this Call for Papers is August 31, 2011. If your talk is selected, we will contact you to confirm, and we will expect that your slides and other material will be sent to us no later than November 16, 2011 for our peer review. We peer review slides and other material for inclusion on the conference website (post-conference) and to verify general conformance to OWASP conference presentation guidelines.

If you would like to submit multiple presentations, please make multiple separate form submissions.

Speakers will receive free admission (nontransferable) to the conference in return for delivering a 50 minute talk.

Speaker Agreement
By submitting your proposal for a talk/paper through our CFP, you are consenting to stay within the guidelines of the speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement

Questions?
Please contact us at [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org] with any questions!

= Project Database =

Active Projects
Flagship Projects

The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.

Code
 * OWASP AntiSamy Project
 * OWASP Enterprise Security API
 * OWASP ModSecurity Core Rule Set Project

Tools
 * OWASP CSRFGuard Project
 * OWASP Web Testing Environment Project
 * OWASP WebGoat Project
 * OWASP Zed Attack Proxy

Documentation
 * OWASP Application Security Verification Standard Project
 * OWASP Code Review Guide Project
 * OWASP Codes of Conduct
 * OWASP Development Guide Project
 * OWASP Secure Coding Practices - Quick Reference Guide
 * OWASP Software Assurance Maturity Model (SAMM)
 * OWASP Testing Guide Project
 * OWASP Top Ten Project

Lab Projects

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

Tools
 * OWASP Broken Web Applications Project
 * OWASP CSRFTester Project
 * OWASP EnDe Project
 * OWASP Fiddler Addons for Security Testing Project
 * OWASP Forward Exploit Tool Project
 * OWASP Hackademic Challenges Project
 * OWASP Hatkit Datafiddler Project
 * OWASP HTTP POST Tool
 * OWASP Java XML Templates Project
 * OWASP JavaScript Sandboxes Project
 * OWASP Joomla Vulnerability Scanner Project
 * OWASP LAPSE Project
 * OWASP Mantra Security Framework
 * OWASP Mutillidae Project
 * OWASP O2 Platform
 * OWASP Orizon Project
 * OWASP Scrubbr
 * OWASP Security Assurance Testing of Virtual Worlds Project
 * OWASP SWAAT Project
 * OWASP Vicnum Project
 * OWASP Wapiti Project
 * OWASP Web Browser Testing System Project
 * OWASP WebScarab Project
 * OWASP Webslayer Project
 * OWASP WSFuzzer Project
 * OWASP Yasca Project

Documentation
 * OWASP AppSec Tutorial Series
 * OWASP AppSensor Project
 * OWASP Cloud ‐ 10 Project
 * OWASP CTF Project
 * OWASP Fuzzing Code Database
 * OWASP Legal Project
 * OWASP Podcast Project
 * OWASP Secure Web Application Framework Manifesto
 * Virtual Patching Best Practices

Incubator Projects

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

Code
 * OWASP Secure the Flag Project
 * OWASP OPA
 * OWASP Alchemist Project
 * OWASP ESOP Framework
 * OWASP Java Encoder Project
 * OWASP Passfault
 * OWASP OctoMS
 * OWASP Java Uncertain Form Submit Prevention
 * OWASP Ecuador
 * OWASP AW00t
 * OWASP ONYX

Tools
 * OWASP WhatTheFuzz Project
 * OWASP Security Tools for Developers Project
 * OWASP SIMBA Project
 * OWASP VFW Project
 * OWASP OVAL Content Project
 * OWASP WAF Project
 * OWASP NAXSI Project
 * OWASP Passw3rd Project
 * OWASP File Hash Repository
 * OWASP WebGoat.NET
 * OWASP AJAX Crawling Tool
 * OWASP OWTF
 * OWASP Path Traverser
 * OWASP Watiqay
 * OWASP Security Shepherd
 * OWASP Xenotix XSS Exploit Framework
 * OWASP Mantra OS
 * OWASP XSSER
 * OWASP Academy Portal Project
 * OWASP ASIDE Project
 * OWASP Browser Security ACID Test Project
 * OWASP iGoat Project
 * OWASP Java HTML Sanitizer Project
 * OWASP Proxy Project

Documentation
 * OWASP Data Exchange Format Project
 * OWASP Cheat Sheets Project
 * OWASP Proactive Controls
 * OWASP Java/J2EE Secure Development Curriculum
 * OWASP Crossword of the Month
 * OWASP Secure Password Project
 * OWASP Security Baseline Project
 * OWASP Software Security Assurance Process
 * OWASP Threat Modeling Project
 * OWASP Web Application Security Accessibility Project
 * OWASP Application Security Requirements Project
 * OWASP Common Numbering Project
 * OWASP Favicon Database Project
 * OWASP Application Security Assessment Standards Project
 * OWASP Application Security Program for Managers
 * OWASP Application Security Skills Assessment
 * OWASP Browser Security Project
 * OWASP Computer Based Training Project (OWASP CBT Project)
 * OWASP Enterprise Application Security Project
 * OWASP Exams Project
 * OWASP GoatDroid Project
 * OWASP Myth Breakers Project
 * OWASP Project Partnership Model
 * OWASP Request For Proposal

Education
 * OWASP University Challenge
 * OWASP Hacking-Lab

Inactive Projects
Archived Projects

OWASP Archived Projects are inactive Labs projects. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest.


 * OWASP Access Control Rules Tester Project
 * OWASP Application Security Metrics Project
 * OWASP AppSec FAQ Project
 * OWASP ASDR Project
 * OWASP Backend Security Project
 * OWASP Best Practices: Use of Web Application Firewalls
 * OWASP CAL9000 Project
 * OWASP CLASP Project
 * OWASP CodeCrawler Project
 * OWASP Content Validation using Java Annotations Project
 * OWASP DirBuster Project
 * OWASP Encoding Project
 * OWASP Google Hacking Project
 * OWASP Insecure Web App Project
 * OWASP Interceptor Project
 * OWASP JSP Testing Tool Project
 * OWASP LiveCD Education Project
 * OWASP Logging Guide
 * OWASP NetBouncer Project
 * OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project
 * OWASP OpenSign Server Project
 * OWASP Pantera Web Assessment Studio Project
 * OWASP PHP Project
 * OWASP Report Generator
 * OWASP Ruby on Rails Security Guide V2
 * OWASP Scholastic Application Security Assessment Project
 * OWASP Security Analysis of Core J2EE Design Patterns Project
 * OWASP Security Spending Benchmarks Project
 * OWASP Site Generator Project
 * OWASP Skavenger Project
 * OWASP Source Code Flaws Top 10 Project
 * OWASP Sprajax Project
 * OWASP Sqlibench Project
 * OWASP sqliX Project
 * OWASP Stinger Project
 * OWASP Teachable Static Analysis Workbench Project
 * OWASP Tiger
 * OWASP Tools Project
 * OWASP Uniform Reporting Guidelines
 * OWASP Webekci Project
 * JBroFuzz

Graveyard Projects

OWASP Graveyard Projects are inactive Incubator projects. They have no releases, and they have had no activity in the last year. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest.


 * Advanced Testing Guide Project
 * OWASP Anti-Malware Project
 * OWASP Boot Camp Project
 * OWASP Career Development Project
 * OWASP CMM Project
 * OWASP Codeseeker Project
 * OWASP Corporate Application Security Rating Guide
 * OWASP Cryttr - Encrypted Twitter Project
 * OWASP Encrypted Syndication Project
 * OWASP Filters Project
 * OWASP Honeycomb Project
 * OWASP Jobs Project
 * OWASP Learn About Encoding Project
 * OWASP Oracle Project
 * OWASP PCI Project
 * OWASP Phishing Framework Project
 * OWASP PHP AntiXSS Library Project
 * OWASP Positive Security Project
 * OWASP Python Static Analysis Project
 * OWASP Web Application Scanner Specification Project
 * OWASP Web Application Security Metric using Attack Patterns Project
 * OWASP Web Services Security Project
 * OWASP XML Security Gateway Evaluation Criteria
 * Web 2.0 Project

Merged Projects

 * .NET Project ReOrg Alpha
 * OWASP .NET Project
 * OWASP Antisamy Python Project
 * OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project
 * OWASP Certification Criteria Project
 * OWASP Certification Project
 * OWASP Classic ASP Security Project
 * OWASP ESAPI for .NET
 * OWASP ESAPI for Classic ASP
 * OWASP ESAPI for ColdFusion/CFML
 * OWASP ESAPI for Haskell
 * OWASP ESAPI for Java EE
 * OWASP ESAPI for JavaScript
 * OWASP ESAPI for PHP
 * OWASP ESAPI for Python
 * OWASP ESAPI Swingset Project
 * OWASP German Language Project
 * OWASP Hungarian Translation Project
 * OWASP JSReg Project
 * OWASP Live CD 2007 Project
 * OWASP Live CD 2008 Project
 * OWASP Live CD Project
 * OWASP Securing WebGoat using ModSecurity Project
 * OWASP Spanish Project
 * OWASP WASS Guide
 * OWASP WebScarab NG Project
 * OWASP ESAPI for Ruby
 * HTMLReg
 * OWASP Watcher Project
 * OWASP X5s Project
 * OWASP ESAPI for Objective-C
 * OWASP ESAPI Swingset Interactive Project
 * OWASP ESAPI Swingset Demo Project
 * OWASP Mobile Security Project - Mobile Threat Model
 * The OWASP "Green Book"
 * The OWASP "Red Book"
 * The OWASP "Yellow Book"
 * The OWASP "Blue Book"
 * The OWASP "Purple Book"
 * CSSReg
 * OWASP ESAPI C++ Project
 * OWASP ESAPI C Project
 * OWASP ESAPI Perl Project

= Marketing Materials =

Philosophy
OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.

Rules
The following rules make reference to the OWASP Materials, meaning any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.


 * 1) The OWASP Brand may be used to direct people to the OWASP website for information about application security.
 * 2) The OWASP Brand may be used in commentary about the materials found on the OWASP website.
 * 3) The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
 * 4) The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
 * 5) The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
 * 6) The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
 * 7) The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
 * 8) The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
 * 9) The OWASP Brand may be used by special arrangement with The OWASP Foundation.

Resources
Download our OWASP Image Toolbox. This includes all of OWASP's branding images.

Logos
https://www.owasp.org/images/7/78/Owasp_logo_122106.png - https://www.owasp.org/images/3/38/Owasp_member_trans.gif

Download our OWASP Image Toolbox. This includes all of OWASP's branding images.

Business Card Templates
OWASP Business Card Template Front: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateFront.psd

OWASP Business Card Template Back: https://www.owasp.org/index.php/File:OWASPBusinessCardTemplateBack.psd

Ads/Flyers
2012 Print Ad

https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf

2012 Print Ad "One Byte at a Time" 

Powerpoint Version: https://www.owasp.org/images/2/24/OWASP-AD-V3-FINAL.ppt

Standard .PDF - https://www.owasp.org/images/a/ac/OWASP-AD-V3-FINAL.pdf

A4 Print ready - https://www.owasp.org/images/2/2d/OWASP-AD-V3-FINAL-A4.pdf

A4-2 Print ready - https://www.owasp.org/images/1/1f/OWASP-AD-V3-FINAL-A42.pdf

Banners
Pictures of the banners and links to the dropbox files also appear here

Cog wheel banner

Honeycomb banner

Presentation
Slides presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for a "overview of owasp"

2012 Where we are, Where we are going..

2011 Where we are, Where we are going..

Questions
If you have any questions or concerns, please contact the OWASP Project Manager, Samantha Groves

= Projects Terminology =

Conference Fees
Access to conference:


 * Before Sept 30th: 3200.00 UYU (approx. 150.00 USD)
 * Before Oct 31st: 4250.00 UYU (approx. 200.00 USD)
 * After Nov 1st:   5300.00 UYU (approx. 250.00 USD)

Trainings


 * One day: 8500.00 UYU (approx. 400.00 USD)
 * Two days: 17000.00 UYU (approx. 800.00 USD)

Discounts


 * OWASP Member: 50.00 USD (Note: This discount is equal to the cost of becoming an OWASP paid Member.)
 * Student: 1600.00 UYU (approx. 75.00 USD). Note: student ID or other proof of current student status is required.
 * Special discounts available for groups registrations. Please send inquiries to [mailto:appseclatam2012@owasp.org appseclatam2012@owasp.org].

Online Registration
Registration is not yet available for this event. Check back the beginning of September for registration details.

= Sponsorships and Donations =

Donate to OWASP Projects Division
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:


 * $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
 * $100 could help fund OWASP project demos at major conferences.
 * $250 could help get our volunteer Project Leaders to speaking engagements.



OWASP Project Sponsors

 * Name, Link and Logo with sort description of what they donated.

= Global Project Committee =

Chris Schmidt
= Contact US =

OWASP Representation

 * Samantha Groves: OWASP Project Manager

Global Project Committee Members

 * Jason Li: Acting Committee Chair
 * Brad Causey: Committee Member
 * Chris Schmidt: Committee Member
 * Justin Searle: Committee Member
 * Nishi Kumar: Committee Member
 * Keith Turpin: Committee Member

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.

= Press and Communications =

OWASP Representation

 * Samantha Groves: OWASP Project Manager

Global Project Committee Members

 * Jason Li: Acting Committee Chair
 * Brad Causey: Committee Member
 * Chris Schmidt: Committee Member
 * Justin Searle: Committee Member
 * Nishi Kumar: Committee Member
 * Keith Turpin: Committee Member

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.

= PM Information =

GPC Meeting Reports

 * GPC Meeting: August 24 2012 Project Manager Report
 * GPC Meeting: September 07 2012 Project Manager Report
 * GPC Meeting: September 14 2012 Project Manager Report
 * GPC Meeting: September 21 2012 Project Manager Report
 * GPC Meeting: September 28 2012 Project Manager Report
 * GPC Meeting: October 05 2012 Project Manager Report
 * GPC Meeting: October 12 2012 Project Manager Report
 * GPC Meeting: October 19 2012 Project Manager Report
 * GPC Meeting: November 09 2012 Project Manager Report
 * GPC Meeting: November 16 2012 Project Manager Report
 * GPC Meeting: November 30 2012 Project Manager Report
 * GPC Meeting: December 07 2012 Project Manager Report

Board Meeting Reports

 * Board Meeting: August 2012 Project Manager Report
 * Board Meeting: September 2012 Project Manager Report
 * Board Meeting: October 2012 Project Manager Report
 * Board Meeting: November 2012 Project Manager Report

Project Manger's Quarterly Strategic Objectives
Goals and Objectives: 2012 Q4
 * Identify and initiate 3 grant opportunities.
 * Complete metadata for Salesforce import related to projects.
 * Finalise and launch the Project database communication tool and webpage
 * https://www.owasp.org/index.php/Test2test
 * Complete the project lifecycle redesign
 * Sort out levels and stages for projects.
 * Determine and define landmarks for project advancement.
 * Document release stages and reviewer participation.
 * Update Project handbook
 * Document process for project donation.
 * Define and develop process for project advancement.
 * Define and develop process for funding requests.

Yearly Projects Budget

 * OWASP Projects Division Budget: 2013

Contact the Project Manager
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.