OWASP PodCast

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

• Tools and Resources
• Community and Networking
• Education & Training

This PodCast aims to bring the community together.

Intro

Welcome to our first episode of this PodCast.  Join @joubinj, @DGelici, and @InfosecVandana from the start of the official OWASP PodCast.  We hope to bring you a mini PodCast from inside of OWASP. 

04-05
17:36

0x01 - 2021-05-02

02 May Notes - Episode 2:

• Spotlight Series - https://owasp.org/projects/spotlight/
• Open Security Summit session that Vandana referred to as the time when she got inspired to start the Spotlight series: https://www.youtube.com/watch?v=7zs4wezbt8o
• Education Committee's "How To get into Appsec Project's" Survey into Appsec Practitioners Landscape (takes less than 5 min) - https://forms.gle/UoM2PobtbRrZxo3J7
• How to become a lifetime member and remember there are savings for the 20th Anniversary of OWASP - https://owasp.org/membership/
• OWASP Chapter Rules and Inactive Chapters - Updates on effort made to reach out to dormant chapters and also the new requirements from chapters.
• Sacramento chapter slack channel link: https://owasp.slack.com/archives/CN89K5H9D
• New merchandise store: https://www.zazzle.com/s/owasp_foundation
• Easter egg - a Turkish word

05-03
30:56

0x02 - 2021-06-30 Fathers Day

• Events Committee call for volunteers: https://owasp.org/events/committee/2021/05/11/call-for-event-committee-volunteers
• Upcoming events:
  • July 13 Lightning conference: https://lightning.owasp.org/
  • July 20 Virtual Training: https://training.owasp.org/
  • OWASP 20th anniversary celebration: https://20thanniversary.owasp.org/
  • Global AppSec, multiple of them happening: https://owasp.org/events/
• Reach out to us on Twitter: https://twitter.com/OWASPPodcast

!!! HAPPY FATHER's DAY !!!

Just a reminder, appsec professionals survey is still open: https://twitter.com/owasphow2appsec/status/1413377377057476614?s=21

07-18
10:21

0x03 - 2021-08-01 OWASP Top 10

Show notes 1-August - Top10 updates and more with Andrew van der Stock

TOP10 section notes:

We have talked with former Board member, current Executive Director of OWASP and long-term, big-time contributor to the Top 10 project, Andrew van der Stock, about:

• The past and the present of OWASP Top10.
• What it is and what it isn't.
• How it is different to standards or other Top X lists.
• The data and process behind it and the new Top10! YOU HEAR IT HERE FIRST FOLKS!!
• Changes to the categories and ordering to Top10 - Andrew goes through the new categories and major changes!

Follow the project on Twitter: https://twitter.com/owasptop10
For the process: https://www.owasptopten.org/
For data submission: https://github.com/OWASP/Top10/tree/master/2021/Data

3 new categories in 2021 version:

• Insecure design (missing, ineffective or redundant designs)
• Server side request forgery (SSRF)
• Software and data integrity failures

Ordering has changed and multiple previous categories merged. Final order will be revealed at the OWASP 20th Anniversary event on 24th September 2021: https://20thanniversary.owasp.org/

We want to thank all contributors to OWASP Top 10 for creating something which inspired many people to get into security.

Extras:

• For getting involved in the education committee or the two new projects mentioned during the episode (Appsec Curriculum project and How to get into Appsec project), the education-committee Slack channel is: https://owasp.slack.com/archives/C016H3FK3D5
• Orange Tsai - world-renowned expert of SSRF - https://twitter.com/orange_8361 & https://blog.orange.tw/

Non-Top10 updates:

• In the spirit of its 20th birthday, we have talked about the story of OWASP. Mark Curphey's post on Veracode blog for the start story of the OWASP: https://www.veracode.com/blog/intro-appsec/start-owasp-true-story
• New flagship project: Software Bill of Materials (in partnership with CycloneDX) https://owasp.org/www-project-cyclonedx/
• Vendor-neutral vs vendor-hostile approach
• Elections for the Board coming up!! There will be a call for candidates for the Board mid-August!! Watch this space and apply.
• If you are on OWASP leader list, please contribute to the revamp of Mission Statement. Check your mailbox for instructions.
• We are at the Black Hat US! Come visit our booth (search for OWASP in the vendor booth list).
• Corporate Membership structure is reshaped and has been published: https://owasp.org/supporters/ Trademark licensing for training partners has become much easier and sponsorships have become much more easily recognised, plus affordability for startups and regions.
• We passed 4600 members and the new individual Membership Portal is launched: https://owasp.org/membership/2021/07/05/MembershipPortal.html

08-07
54:54
