https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=BrennanOWASP - User contributions [en]2026-05-11T05:55:43ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=User:Brennan&diff=250891User:Brennan2019-05-01T14:30:46Z<p>Brennan: </p>
<hr />
<div> <br />
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/7/7f/Linkedin-button.png]<br />
[[File:Brennan-press.jpg|left|thumb]]<br />
Tom Brennan is Chief Technology Officer/Chief Information Officer for Mandelbaum Salsburg provides strategic guidance to the Firm in regards to its cybersecurity efforts and critical infrastructure He is a an alumni of ProactiveRISK, IOActive, McAfee, Intel Security, SAFECode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. <br />
<br />
Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation and volunteers his time to the OWASP NYC/Manhatten and Northern New Jersey Chapter.<br />
<br />
<br />
'''Artifacts:'''<br />
<br />
- Written recommendations from 60+ industry leaders: [http://www.linkedin.com/in/tombrennan ONLINE]<br />
<br />
-OWASP interview at AppSecUSA 2013 - [http://www.youtube.com/watch?v=jU-QEUeh9-U Video]<br />
<br />
-Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.<br />
<br />
- 2012 OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]<br />
<br />
- 2008 OWASP Board Candidate Interview - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]<br />
<br />
- Thousands of wiki commits to OWASP.ORG since 2004 see: [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]<br />
<br />
Contributor and champion to many OWASP projects including:<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Incident_Response_Project OWASP Incident Response Top 10 Project]<br />
<br />
-- [https://www.owasp.org/index.php?title=OWASP_Virtual_Lab_Tool_Project OWASP Virtual Village]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP Switchblade HTTP Post DoS Tool]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix OWASP Matrix Project]<br />
<br />
Additional Projects<br />
<br />
-- [http://www.penteston.com PENTESTON] a commercial vulnerability assessment platform utilizing the [http://www.proactiverisk.com CATSCAN] assessment methodology. <br />
<br />
-- [http://www.hacknyc.com HACKNYC Conference]<br />
<br />
-- [http://www.nymjcsc.org New York Metro Joint Cyber Security Conference] (NYMJCSC)</div>Brennanhttps://wiki.owasp.org/index.php?title=New_Jersey_North&diff=246483New Jersey North2019-01-09T22:22:17Z<p>Brennan: updated url</p>
<hr />
<div>== OWASP New York City | Northern New Jersey ==<br />
<br />
Chapter Leaders<br />
<br />
Tom Brennan<br />
<br />
Evin Hernandez<br />
<br />
2017 Appointed Organizers - [https://www.meetup.com/owaspnycnj/members/?op=leaders Click Here]<br />
<br />
== Participation == <br />
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing Overview Slides]) is a professional association of [[Membership | global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]]. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
== Upcoming Events 2017 ==<br />
<br />
The local chapter hosts many meetings, events, seminars, training and virtual sessions. Click below to participate in the next one by RSVP'ing in advance of the event.<br />
<h2>[https://www.meetup.com/owaspnycnj/ https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [https://www.meetup.com/owaspnyc/ New York City | New Jersey Schedule of Events] - [https://www.meetup.com/nymjcsc/ Click Here More Info] </h2><br />
<br />
Please note that venues typically have building security and may have several hundred people in attendance. Due to this fact, please ensure that you register with your first name and last name or you may be refused entry to the facility by the building. in NYC and New Jersey do require you to register with your first and last name or you may be refused entry to the building.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:New York]]<br />
<br />
Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]] -- Local Sponsorship opportunities [https://www.owasp.org/images/b/ba/NYC_Chapter_Sponsorship.pdf Click Here]</div>Brennanhttps://wiki.owasp.org/index.php?title=New_York_City&diff=245558New York City2018-11-27T01:35:30Z<p>Brennan: /* Upcoming Events 2017 */</p>
<hr />
<div>== OWASP New York City | Northern New Jersey ==<br />
<br />
Chapter Leaders<br />
<br />
[mailto:tomb@owasp.org Tom Brennan] [mailto:evin.hernandez@owasp.org Evin Hernandez]<br />
<br />
OWASP Foundation is a 501(c)3 Not for Profit association with local and [[Membership |global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]]. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
== Upcoming Events ==<br />
<br />
The local chapter currently uses a meet-up site for posting information about upcoming events etc.. click below to have a look of what is coming up when and where in the New York City / Northern New Jersey Metro region.<br />
<h2>[https://www.meetup.com/owaspnycnj/ https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [https://www.meetup.com/owaspnyc/ New York City | Northern New Jersey Schedule of Events] - [https://www.meetup.com/owaspnyc/ Click Here More Info] </h2><br />
<br />
Please note that venues typically have building security and may have several hundred people in attendance. Due to this fact, please ensure that you register with your first name and last name or you may be refused entry to the facility by the building. in NYC and New Jersey do require you to register with your first and last name or you may be refused entry to the building.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:New York]]<br />
<br />
Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]] -- Local Sponsorship opportunities [https://www.owasp.org/images/b/ba/NYC_Chapter_Sponsorship.pdf Click Here]<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP NYC<br />
}}</div>Brennanhttps://wiki.owasp.org/index.php?title=New_York_City&diff=245557New York City2018-11-27T01:35:17Z<p>Brennan: </p>
<hr />
<div>== OWASP New York City | Northern New Jersey ==<br />
<br />
Chapter Leaders<br />
<br />
[mailto:tomb@owasp.org Tom Brennan] [mailto:evin.hernandez@owasp.org Evin Hernandez]<br />
<br />
OWASP Foundation is a 501(c)3 Not for Profit association with local and [[Membership |global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]]. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
== Upcoming Events 2017 ==<br />
<br />
The local chapter currently uses a meet-up site for posting information about upcoming events etc.. click below to have a look of what is coming up when and where in the New York City / Northern New Jersey Metro region.<br />
<h2>[https://www.meetup.com/owaspnycnj/ https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [https://www.meetup.com/owaspnyc/ New York City | Northern New Jersey Schedule of Events] - [https://www.meetup.com/owaspnyc/ Click Here More Info] </h2><br />
<br />
Please note that venues typically have building security and may have several hundred people in attendance. Due to this fact, please ensure that you register with your first name and last name or you may be refused entry to the facility by the building. in NYC and New Jersey do require you to register with your first and last name or you may be refused entry to the building.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:New York]]<br />
<br />
Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]] -- Local Sponsorship opportunities [https://www.owasp.org/images/b/ba/NYC_Chapter_Sponsorship.pdf Click Here]<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP NYC<br />
}}</div>Brennanhttps://wiki.owasp.org/index.php?title=Talk:New_York_City&diff=245556Talk:New York City2018-11-27T01:33:14Z<p>Brennan: Created page with "What topics would you like to see the chapter focus on in FY19"</p>
<hr />
<div>What topics would you like to see the chapter focus on in FY19</div>Brennanhttps://wiki.owasp.org/index.php?title=New_York_City&diff=245555New York City2018-11-27T01:32:44Z<p>Brennan: /* OWASP New York City | Northern New Jersey */</p>
<hr />
<div>== OWASP New York City | Northern New Jersey ==<br />
<br />
Chapter Leaders<br />
<br />
[mailto:tomb@owasp.org Tom Brennan] [mailto:evin.hernandez@owasp.org Evin Hernandez]<br />
<br />
OWASP Foundation ([https://docs.google.com/a/owasp.org/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?usp=sharing Overview Slides]) is a professional association of [[Membership | global members]] and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the [[Chapter_Leader_Handbook]]. As a [[About_OWASP | 501(c)(3)]] non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a <b>SPEAKER</b> at ANY OWASP Chapter in the world simply review the [[Speaker_Agreement | speaker agreement]] and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
== Upcoming Events 2017 ==<br />
<br />
The local chapter currently uses a meet-up site for posting information about upcoming events etc.. click below to have a look of what is coming up when and where in the New York City / Northern New Jersey Metro region.<br />
<h2>[https://www.meetup.com/owaspnycnj/ https://www.owasp.org/images/8/82/Meetup_logo3.jpg] [https://www.meetup.com/owaspnyc/ New York City | Northern New Jersey Schedule of Events] - [https://www.meetup.com/owaspnyc/ Click Here More Info] </h2><br />
<br />
Please note that venues typically have building security and may have several hundred people in attendance. Due to this fact, please ensure that you register with your first name and last name or you may be refused entry to the facility by the building. in NYC and New Jersey do require you to register with your first and last name or you may be refused entry to the building.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United States]]<br />
[[Category:New York]]<br />
<br />
Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]] -- Local Sponsorship opportunities [https://www.owasp.org/images/b/ba/NYC_Chapter_Sponsorship.pdf Click Here]<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP NYC<br />
}}</div>Brennanhttps://wiki.owasp.org/index.php?title=User:Brennan&diff=244429User:Brennan2018-10-22T17:30:25Z<p>Brennan: tweak</p>
<hr />
<div> <br />
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/7/7f/Linkedin-button.png]<br />
[[File:Brennan-press.jpg|left|thumb]]<br />
Tom Brennan is a [https://ioactive.com/article/ioactive-engages-tom-brennan-to-accelerate-east-coast-client-operations/ Director at IOActive]. IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. Tom is also a member of [http://www.proactiverisk.com Proactive Risk] and has two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, [https://safecode.org/ SAFECode], Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. <br />
<br />
Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation. He also founded the New Jersey Chapter and grew the New York City as President for (13) Years.<br />
<br />
Today Tom is associated with [http://www.crest-approved.org/usa/crest-usa-chapter-board/index.html CREST International] as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official and is a member of the CERT team.<br />
<br />
<br />
'''Artifacts:'''<br />
<br />
- Written recommendations from 60+ industry leaders: [http://www.linkedin.com/in/tombrennan ONLINE]<br />
<br />
-OWASP interview at AppSecUSA 2013 - [http://www.youtube.com/watch?v=jU-QEUeh9-U Video]<br />
<br />
-Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.<br />
<br />
- 2012 OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]<br />
<br />
- Video Interview about OWASP with Tom Brennan, 2008 - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]<br />
<br />
- Thousands of wiki commits to OWASP.ORG since 2004 see: [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]<br />
<br />
Contributor and champion to many OWASP projects including:<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Incident_Response_Project OWASP Incident Response Top 10 Project]<br />
<br />
-- [https://www.owasp.org/index.php?title=OWASP_Virtual_Lab_Tool_Project OWASP Virtual Village]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP Switchblade HTTP Post DoS Tool]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix OWASP Matrix Project]<br />
<br />
Additional Projects<br />
<br />
-- [http://www.penteston.com PENTESTON] a commercial vulnerability assessment platform utilizing the [http://www.proactiverisk.com CATSCAN] assessment methodology. <br />
<br />
-- [http://www.hacknyc.com HACKNYC Conference]<br />
<br />
-- [http://www.nymjcsc.org New York Metro Joint Cyber Security Conference] (NYMJCSC)</div>Brennanhttps://wiki.owasp.org/index.php?title=User:Brennan&diff=244428User:Brennan2018-10-22T17:21:15Z<p>Brennan: </p>
<hr />
<div> <br />
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/7/7f/Linkedin-button.png]<br />
[[File:Brennan-press.jpg|left|thumb]]<br />
Tom Brennan is a [https://ioactive.com/article/ioactive-engages-tom-brennan-to-accelerate-east-coast-client-operations/ Director at IOActive]. IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from security advising to penetration testing and application code assessment to chip reverse engineering across multiple industries. Tom is also a member of [http://www.proactiverisk.com Proactive Risk] and has two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, [https://safecode.org/ SAFECode], Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. <br />
<br />
Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation. He also founded the New Jersey Chapter and grew the New York City as President for (13) Years.<br />
<br />
Today Tom is associated with [http://www.crest-approved.org/usa/crest-usa-chapter-board/index.html CREST International] as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official and is a member of the CERT team.<br />
<br />
<br />
'''Artifacts:'''<br />
<br />
- Written recommendations from 60+ industry leaders: [http://www.linkedin.com/in/tombrennan ONLINE]<br />
<br />
-OWASP interview at AppSecUSA 2013 - [http://www.youtube.com/watch?v=jU-QEUeh9-U Video]<br />
<br />
-Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.<br />
<br />
- 2012 OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]<br />
<br />
- Video Interview about OWASP with Tom Brennan, 2008 - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]<br />
<br />
- Thousands of wiki commits to OWASP.ORG since 2004 see: [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]<br />
<br />
Contributor and champion to many OWASP projects including:<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Incident_Response_Project OWASP Incident Response Top 10 Project]<br />
<br />
-- [https://www.owasp.org/index.php?title=OWASP_Virtual_Lab_Tool_Project OWASP Virtual Village]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP Switchblade HTTP Post DoS Tool]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix OWASP Matrix Project]<br />
<br />
Additional Projects<br />
<br />
-- [http://www.penteston.com PENTESTON] a commercial vulnerability assessment platform utilizing the [http://www.proactiverisk.com CATSCAN] assessment methodology. <br />
<br />
-- [http://www.hacknyc.com HACKNYC Conference]<br />
<br />
-- [http://www.nymjcsc.org New York Metro Joint Cyber Security Conference] (NYMJCSC)</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_HTTP_Post_Tool&diff=242324OWASP HTTP Post Tool2018-08-07T11:41:02Z<p>Brennan: /* News and Events */</p>
<hr />
<div>__NOTOC__<br />
<br />
=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Switch_Blade<br />
}} <br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Switchblade 4.0 ==<br />
<br />
==Introduction==<br />
<br />
OWASP Switchblade is a denial of service tool used for testing the availability, performance and capacity planning of a web application to be proactive about this type of risk condition<br />
<br />
==Description==<br />
<br />
The projected started in early 2000 as a way to test the capacity of simultaneous users connected to a web application and was not public tool. In 2010 the tool was created by [http://www.proactiverisk.com ProactiveRISK] to educate the OWASP Community about the Denial of Service conditions that can exist with Layer7<br />
<br />
Watch the [https://youtu.be/lYQFF4Ki8_s LIVE DEMO] Video<br />
<br />
==Licensing==<br />
OWASP Switchblade is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Switchblade ==<br />
<br />
OWASP Switchblade provides (3) different types of denial of service conditions that can be tested from a single machine<br />
<br />
* SSL Half Connect<br />
* HTTP Post Attack<br />
* Slowloris<br />
<br />
== Presentation ==<br />
<br />
Link to [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf presentation]<br />
<br />
== Project Leader ==<br />
<br />
[http://www.proactiverisk.com Tom Brennan]<br />
<br />
== Related Projects ==<br />
[https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
* [https://drive.google.com/file/d/0B2KpD4S8_DdReFJCUVJpaXhKSUU/view?usp=sharing Windows Installer] <br><br />
* [https://github.com/proactiveRISK/ddos-toolbox GITHUB]<br />
<br />
== Email List ==<br />
<br />
N/A<br />
<br />
== News and Events ==<br />
* 7-Aug-2018 Blackhat/Defcon<br />
<br />
== In Print ==<br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_HTTP_Post_Tool&diff=242323OWASP HTTP Post Tool2018-08-07T11:40:11Z<p>Brennan: </p>
<hr />
<div>__NOTOC__<br />
<br />
=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Switch_Blade<br />
}} <br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Switchblade 4.0 ==<br />
<br />
==Introduction==<br />
<br />
OWASP Switchblade is a denial of service tool used for testing the availability, performance and capacity planning of a web application to be proactive about this type of risk condition<br />
<br />
==Description==<br />
<br />
The projected started in early 2000 as a way to test the capacity of simultaneous users connected to a web application and was not public tool. In 2010 the tool was created by [http://www.proactiverisk.com ProactiveRISK] to educate the OWASP Community about the Denial of Service conditions that can exist with Layer7<br />
<br />
Watch the [https://youtu.be/lYQFF4Ki8_s LIVE DEMO] Video<br />
<br />
==Licensing==<br />
OWASP Switchblade is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Switchblade ==<br />
<br />
OWASP Switchblade provides (3) different types of denial of service conditions that can be tested from a single machine<br />
<br />
* SSL Half Connect<br />
* HTTP Post Attack<br />
* Slowloris<br />
<br />
== Presentation ==<br />
<br />
Link to [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf presentation]<br />
<br />
== Project Leader ==<br />
<br />
[http://www.proactiverisk.com Tom Brennan]<br />
<br />
== Related Projects ==<br />
[https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
* [https://drive.google.com/file/d/0B2KpD4S8_DdReFJCUVJpaXhKSUU/view?usp=sharing Windows Installer] <br><br />
* [https://github.com/proactiveRISK/ddos-toolbox GITHUB]<br />
<br />
== Email List ==<br />
<br />
N/A<br />
<br />
== News and Events ==<br />
* March 27th 2017 added .ZIP file<br />
<br />
== In Print ==<br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}</div>Brennanhttps://wiki.owasp.org/index.php?title=File:Roberts_Rules_Handout.pdf&diff=237582File:Roberts Rules Handout.pdf2018-02-15T14:11:36Z<p>Brennan: Brennan uploaded a new version of File:Roberts Rules Handout.pdf</p>
<hr />
<div>Roberts Rules for Meetings</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Incident_Response_Project&diff=236990OWASP Incident Response Project2018-01-23T01:54:38Z<p>Brennan: /* Related Projects */</p>
<hr />
<div>=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP_Incident_Response_Project<br />
}} <br />
<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Top 10 Guidance for Incident Response==<br />
<br />
==Audience==<br />
<br />
Breaches happen every day as you learn about them in the news. Is your business prepared? This project provides a proactive approach to Incident Response planning. The intended audience of this document includes business owners to security engineers, developers, audit, program managers, law enforcement & legal council. This guidance should be considered when building a comprehensive approach. This guidance intends to guide the reader on topics that need to be part of the plan in your organization, this includes those responsible for managing the business and technical risk of the entire organization.<br />
<br />
==Licensing==<br />
<br />
Creative Commons Attribution-NonCommercial-ShareAlike<br />
==Project Sponsor==<br />
OWASP Top 10 Guidance for Incident Response project is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== In Print ==<br />
<br />
[https://www.owasp.org/images/9/92/Top10ConsiderationsForIncidentResponse.pdf Version 1.0 .PDF Version]<br />
<br />
== Presentation ==<br />
<br />
[https://www.owasp.org/images/b/bd/IR_Top_10_Considerations_-_Slides-v2.pdf Slides]<br />
<br />
== Project Leader ==<br />
<br />
[https://www.owasp.org/index.php/User:Brennan Tom Brennan] [http://www.twitter.com/brennantom @brennantom]<br />
<br />
== Version 2.0 ==<br />
Want to help out and make this project BETTER? Add your comments here<br />
[https://docs.google.com/document/d/1TbIwFW_Z1d7jhnQL9vkdBzFtRC1lmHp9JpTXYXyN58A/edit?usp=sharing Version 2.0 GoogleDocs - Add Comments]<br />
<br />
== Related Projects ==<br />
<br />
[https://www.owasp.org/index.php/OWASP_Anti-Ransomware_Guide_Project OWASP Randsomware]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheat Sheets]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security CRS]<br />
<br />
[https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project Web Hacking Incident Database]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
* Release date 12/7/2015<br />
* 01/13/2018 NYC Chapter Meeting V2.0<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Incident Response Project is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan], [http://www.proactiverisk.com ProactiveRISK]<br />
* Jason Jolo, [http://www.proactiverisk.com ProactiveRISK]<br />
* Jordan Lewis<br />
* <insert your name><br />
* <insert your name><br />
<br />
Want to help? Get in touch with us<br />
<br />
==Others==<br />
* OWASP NYC Metro Chapter<br />
<br />
= Road Map and Getting Involved =<br />
Involvement in the development and promotion of OWASP Incident Response Project is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
<br />
* Proof Reading<br />
* Graphic Design<br />
* Conduct Industry Survey<br />
* Educate local communities<br />
* list of open-source IR tools<br />
* <insert your idea><br />
<br />
=Project About=<br />
{{:Projects/OWASP_Incident_Response_Project}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Incident_Response_Project&diff=236989OWASP Incident Response Project2018-01-23T01:53:56Z<p>Brennan: /* OWASP Top 10 Guidance for Incident Response */</p>
<hr />
<div>=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP_Incident_Response_Project<br />
}} <br />
<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Top 10 Guidance for Incident Response==<br />
<br />
==Audience==<br />
<br />
Breaches happen every day as you learn about them in the news. Is your business prepared? This project provides a proactive approach to Incident Response planning. The intended audience of this document includes business owners to security engineers, developers, audit, program managers, law enforcement & legal council. This guidance should be considered when building a comprehensive approach. This guidance intends to guide the reader on topics that need to be part of the plan in your organization, this includes those responsible for managing the business and technical risk of the entire organization.<br />
<br />
==Licensing==<br />
<br />
Creative Commons Attribution-NonCommercial-ShareAlike<br />
==Project Sponsor==<br />
OWASP Top 10 Guidance for Incident Response project is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== In Print ==<br />
<br />
[https://www.owasp.org/images/9/92/Top10ConsiderationsForIncidentResponse.pdf Version 1.0 .PDF Version]<br />
<br />
== Presentation ==<br />
<br />
[https://www.owasp.org/images/b/bd/IR_Top_10_Considerations_-_Slides-v2.pdf Slides]<br />
<br />
== Project Leader ==<br />
<br />
[https://www.owasp.org/index.php/User:Brennan Tom Brennan] [http://www.twitter.com/brennantom @brennantom]<br />
<br />
== Version 2.0 ==<br />
Want to help out and make this project BETTER? Add your comments here<br />
[https://docs.google.com/document/d/1TbIwFW_Z1d7jhnQL9vkdBzFtRC1lmHp9JpTXYXyN58A/edit?usp=sharing Version 2.0 GoogleDocs - Add Comments]<br />
<br />
== Related Projects ==<br />
<br />
[https://www.owasp.org/index.php/OWASP_Anti-Ransomware_Guide_Project OWASP Randsomware]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheat Sheets]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security CRS]<br />
<br />
[https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project Web Hacking Incident Database]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
* Release date 12/7/2015 NYC Chapter Meeting<br />
* Malware<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Incident Response Project is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan], [http://www.proactiverisk.com ProactiveRISK]<br />
* Jason Jolo, [http://www.proactiverisk.com ProactiveRISK]<br />
* Jordan Lewis<br />
* <insert your name><br />
* <insert your name><br />
<br />
Want to help? Get in touch with us<br />
<br />
==Others==<br />
* OWASP NYC Metro Chapter<br />
<br />
= Road Map and Getting Involved =<br />
Involvement in the development and promotion of OWASP Incident Response Project is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
<br />
* Proof Reading<br />
* Graphic Design<br />
* Conduct Industry Survey<br />
* Educate local communities<br />
* list of open-source IR tools<br />
* <insert your idea><br />
<br />
=Project About=<br />
{{:Projects/OWASP_Incident_Response_Project}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Incident_Response_Project&diff=236988OWASP Incident Response Project2018-01-23T01:51:50Z<p>Brennan: /* OWASP Top 10 Guidance for Incident Response */</p>
<hr />
<div>=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP_Incident_Response_Project<br />
}} <br />
<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Top 10 Guidance for Incident Response==<br />
<br />
==Audience==<br />
<br />
Breaches happen every day as you learn about them in the news. Is your business prepared? This project provides a proactive approach to Incident Response planning. The intended audience of this document includes business owners to security engineers, developers, audit, program managers, law enforcement & legal council. This guidance should be considered when building a comprehensive approach. This guidance is intends to guide the reader on topics that need to be part of the plan in your organization, this includes those responsible for managing the business and technical risk of the entire organization.<br />
<br />
==Licensing==<br />
<br />
Creative Commons Attribution-NonCommercial-ShareAlike<br />
==Project Sponsor==<br />
OWASP Top 10 Guidance for Incident Response project is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== In Print ==<br />
<br />
[https://www.owasp.org/images/9/92/Top10ConsiderationsForIncidentResponse.pdf Version 1.0 .PDF Version]<br />
<br />
== Presentation ==<br />
<br />
[https://www.owasp.org/images/b/bd/IR_Top_10_Considerations_-_Slides-v2.pdf Slides]<br />
<br />
== Project Leader ==<br />
<br />
[https://www.owasp.org/index.php/User:Brennan Tom Brennan] [http://www.twitter.com/brennantom @brennantom]<br />
<br />
== Version 2.0 ==<br />
Want to help out and make this project BETTER? Add your comments here<br />
[https://docs.google.com/document/d/1TbIwFW_Z1d7jhnQL9vkdBzFtRC1lmHp9JpTXYXyN58A/edit?usp=sharing Version 2.0 GoogleDocs - Add Comments]<br />
<br />
== Related Projects ==<br />
<br />
[https://www.owasp.org/index.php/OWASP_Anti-Ransomware_Guide_Project OWASP Randsomware]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheat Sheets]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security CRS]<br />
<br />
[https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project Web Hacking Incident Database]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
* Release date 12/7/2015 NYC Chapter Meeting<br />
* Malware<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Incident Response Project is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan], [http://www.proactiverisk.com ProactiveRISK]<br />
* Jason Jolo, [http://www.proactiverisk.com ProactiveRISK]<br />
* Jordan Lewis<br />
* <insert your name><br />
* <insert your name><br />
<br />
Want to help? Get in touch with us<br />
<br />
==Others==<br />
* OWASP NYC Metro Chapter<br />
<br />
= Road Map and Getting Involved =<br />
Involvement in the development and promotion of OWASP Incident Response Project is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
<br />
* Proof Reading<br />
* Graphic Design<br />
* Conduct Industry Survey<br />
* Educate local communities<br />
* list of open-source IR tools<br />
* <insert your idea><br />
<br />
=Project About=<br />
{{:Projects/OWASP_Incident_Response_Project}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Brennanhttps://wiki.owasp.org/index.php?title=User:Brennan&diff=236259User:Brennan2017-12-13T18:33:07Z<p>Brennan: </p>
<hr />
<div> <br />
[http://www.linkedin.com/in/tombrennan https://www.owasp.org/images/7/7f/Linkedin-button.png]<br />
[[File:Brennan-press.jpg|left|thumb]]<br />
Tom Brennan is the Founder of [http://www.proactiverisk.com Proactive Risk] with two decades of hands on the keyboard building, breaking and defending data for clients worldwide. He is a an alumni of McAfee, Intel Security, SafeCode, Trustwave, WhiteHat, ADP, Datek Online and the United States Marines. Tom served the OWASP Foundation as an elected member of the Global Board of Directors for (10) years for OWASP Foundation. He also founded the New Jersey Chapter and grew the New York City as President for (13) Years.<br />
<br />
Today Tom is associated with [http://www.crest-approved.org/usa/crest-usa-chapter-board/index.html CREST International] as its elected Chairman of the Americas Board and participates as technical advisor for New Jersey Institute of Technology, County College of Morris, Morris County Economic Development Corporation, Rockaway Township Official and is a member of the CERT team.<br />
<br />
<br />
'''Artifacts:'''<br />
<br />
- Written recommendations from 60+ industry leaders: [http://www.linkedin.com/in/tombrennan ONLINE]<br />
<br />
-OWASP interview at AppSecUSA 2013 - [http://www.youtube.com/watch?v=jU-QEUeh9-U Video]<br />
<br />
-Interview with [https://www.owasp.org/images/9/9f/WEB_APPC_PENTESTING_03_2012.pdf PenTest Magazine] about OWASP Foundation.<br />
<br />
- 2012 OWASP Board Candidate Interview: [https://www.owasp.org/download/2012-board-election/OWASP2012BoardInterviews_TomBrennan.mp3 Audio] / [https://www.owasp.org/images/e/e3/OWASP_2012_Board_Interviews_-_Tom_Brennan.pdf Transcript]<br />
<br />
- Video Interview about OWASP with Tom Brennan, 2008 - [http://vimeo.com/23889097 Video 1], [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference Video 2]<br />
<br />
- Thousands of wiki commits to OWASP.ORG since 2004 see: [https://www.owasp.org/index.php/Special:Contributions/Brennan Wiki Edits]<br />
<br />
Contributor and champion to many OWASP projects including:<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Incident_Response_Project OWASP Incident Response Top 10 Project]<br />
<br />
-- [https://www.owasp.org/index.php?title=OWASP_Virtual_Lab_Tool_Project OWASP Virtual Village]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP RFQ Criteria, Software Security]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP Switchblade HTTP Post DoS Tool]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
-- [https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security Core Rule Set]<br />
<br />
-- [https://www.owasp.org/index.php/OWASP_Cyber_Defense_Matrix OWASP Matrix Project]<br />
<br />
Additional Projects<br />
<br />
-- [http://www.penteston.com PENTESTON] a commercial vulnerability assessment platform utilizing the [http://www.proactiverisk.com CATSCAN] assessment methodology. <br />
<br />
-- [http://www.hacknyc.com HACKNYC Conference]<br />
<br />
-- [http://www.nymjcsc.org New York Metro Joint Cyber Security Conference] (NYMJCSC)</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235966December 6, 20172017-12-02T14:39:22Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017. [https://www.owasp.org/index.php/Board#tab=How_Meetings_Operate Click here for a summary of how meetings operate]<br />
<br />
CALL TO ORDER<br />
1) Mission / Purpose <br />
CHANGES TO THE AGENDA<br />
1) Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
1) Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
1) OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director. - Karen <br />
OLD BUSINESS<br />
1) OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
2) Update Budget progress - Andrew/Coats<br />
<br />
3) Update AppSecEU Status - Staff Update and concerns<br />
<br />
4) Update/2018 Summit - Josh vote by email results <br />
<br />
5) Update/GDPR - Martin Update<br />
<br />
6) Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
7) [https://www.owasp.org/index.php/OWASP_Strategic_Goals Strategic Goals] reflection on (6) Years @ OWASP - Team<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
1) Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
2) [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors Current organization chart] - Karen<br />
- <br />
<br />
3) Installation of 2018 Officers / Nominations and Vote, Roles and Responsibilities effective 01/01/2018 - Brennan<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Vice Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Secretary]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Treasurer]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
4) [https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
1) 2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
ADJOURNMENT<br />
1) Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235965December 6, 20172017-12-02T14:00:03Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017. [https://www.owasp.org/index.php/Board#tab=How_Meetings_Operate Click here for a summary of how meetings operate]<br />
<br />
CALL TO ORDER<br />
1) Mission / Purpose <br />
CHANGES TO THE AGENDA<br />
1) Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
1) Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
1) OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director. - Karen <br />
OLD BUSINESS<br />
1) OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
2) Update Budget progress - Andrew/Coats<br />
<br />
3) Update AppSecEU Status - Staff Update and concerns<br />
<br />
4) Update/2018 Summit - Josh vote by email results <br />
<br />
4) Update/GDPR - Martin Update<br />
<br />
5) Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
6) [https://www.owasp.org/index.php/OWASP_Strategic_Goals Strategic Goals] reflection on (6) Years @ OWASP - Team<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
1) Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
2) [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors Current organization chart] - Karen<br />
- <br />
<br />
3) Installation of 2018 Officers / Nominations and Vote, Roles and Responsibilities effective 01/01/2018 - Brennan<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Vice Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Secretary]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Treasurer]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
4) [https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
1) 2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
ADJOURNMENT<br />
1) Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235964December 6, 20172017-12-02T13:54:53Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017. [https://www.owasp.org/index.php/Board#tab=How_Meetings_Operate Click here for a summary of how meetings operate]<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS, OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors Current organization chart] - Karen<br />
- <br />
<br />
Installation of 2018 Officers / Nominations and Vote, Roles and Responsibilities effective 01/01/2018 - Brennan<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Vice Chairperson]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Secretary]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Treasurer]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#2017_Elected_by_Membership.2C_Global_Board_Members -- Board Member at Large]<br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
ADJOURNMENT<br />
Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235963December 6, 20172017-12-02T13:51:15Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS, OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Members and related actions paperwork/term of office/how the roles are picked for 2018 - Historian<br />
- <br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
Nominations and Vote for 2018 Roles and Responsibilities effective 01/01/2018 - Brennan<br />
<br />
-- Chairperson<br />
<br />
-- Vice Chairperson<br />
<br />
-- Secretary<br />
<br />
-- Treasurer<br />
<br />
-- Board Member at Large<br />
<br />
-- Board Member at Large<br />
<br />
-- Board Member at Large<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
ADJOURNMENT<br />
Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235962December 6, 20172017-12-02T13:50:39Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS, OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Members and related actions paperwork/term of office/how the roles are picked for 2018 - Historian<br />
- <br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
Nominations and Vote for 2018 Roles and Responsibilities - Brennan<br />
<br />
- Chairperson<br />
<br />
- Vice Chairperson<br />
<br />
- Secretary<br />
<br />
- Treasurer<br />
<br />
- Board Member at Large<br />
<br />
- Board Member at Large<br />
<br />
- Board Member at Large<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
ADJOURNMENT<br />
Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235961December 6, 20172017-12-02T13:48:22Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
<br />
<$insert topic + who> <br />
<br />
<$insert topic + who> <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS, OWASP, BACKLOG, DOING, DONE.... What happened to TRELLO? https://trello.com/owaspfoundation - Brennan<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
NEW BUSINESS<br />
Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Members and related actions paperwork/term of office/how the roles are picked for 2018 - Historian<br />
- <br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
2018 Association Roundtable Q2 5/10 - Brennan<br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
<br />
<$insert topic + who><br />
ADJOURNMENT<br />
Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=About_The_Open_Web_Application_Security_Project&diff=235873About The Open Web Application Security Project2017-11-30T03:26:54Z<p>Brennan: </p>
<hr />
<div>Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' <br />
<br />
__TOC__<br />
<br />
==The OWASP Foundation==<br />
The OWASP Foundation came online on [http://wayback.archive.org/web/*/http://www.owasp.org December 1st 2001] it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at [[Main Page|OWASP]]. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at [[Main Page|www.owasp.org]].<br />
<br />
<br />
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The [[OWASP Foundation]] is a not-for-profit entity that ensures the project's long-term success.<br />
<br />
[http://www.linkedin.com/companies/owasp https://www.owasp.org/images/9/98/Btn_cofollow_badge.png]<br />
<br />
<br />
===OWASP Foundation Bylaws===<br />
<br />
The business of the OWASP Foundation Inc. is outlined in the organizational [http://en.wikipedia.org/wiki/By-law by-laws]. These by-laws govern the organization worldwide and allow the participants to understand the established process for doing so. <br />
<br />
[[OWASP Foundation ByLaws]]<br />
<br />
[https://www.owasp.org/images/9/90/126741_OWASP_vzw_modelstatuten_v0.9_EN_REV.pdf OWASP EU Foundation ByLaws (English Translation)]<br />
<br />
[[Local Chapter ByLaws]]<br />
<br />
<br />
== Core Values ==<br />
<b>OPEN</b><br />
Everything at OWASP is radically transparent from our finances to our code.<br />
<br />
<b>INNOVATION</b><br />
OWASP encourages and supports innovation and experiments for solutions to software security challenges.<br />
<br />
<b>GLOBAL</b><br />
Anyone around the world is encouraged to participate in the OWASP community.<br />
<br />
<b>INTEGRITY</b><br />
OWASP is an honest and truthful, vendor neutral, global community.<br />
<br />
<br />
== Core Purpose ==<br />
Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. <br />
<br />
<br />
== Code of Ethics ==<br />
Each of us is expected to behave according to the principles contained in the following Code of Ethics. Breaches of the Code of Ethics may result in the foundation taking disciplinary action.<br />
[https://www.owasp.org/index.php/Membership_Revocation Membership Revocation]<br />
<br />
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;<br />
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;<br />
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;<br />
* Discharge professional responsibilities with diligence and honesty;<br />
* To communicate openly and honestly;<br />
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;<br />
* To maintain and affirm our objectivity and independence;<br />
* To reject inappropriate pressure from industry or others;<br />
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;<br />
* Treat everyone with respect and dignity; and<br />
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.<br />
<br />
<br />
== Principles ==<br />
<br />
* Free & Open<br />
* Governed by rough consensus & running code<br />
* Abide by a code of ethics (see ethics)<br />
* Not-for-profit<br />
* Not driven by commercial interests<br />
* Risk based approach<br />
<br />
==2017 Elected by Membership, Global Board Members==<br />
[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:Matt_Konda |Matt Konda]]: Chair====<br />
The Chairman of the Board shall serve as the principal executive officer of the<br />
Foundation.<br />
• Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business<br />
and affairs of the Foundation. He/She will monitor financial planning and financial reports<br />
He/She or he may sign, with the Secretary or any other proper officer of the Foundation<br />
thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or<br />
other instruments which the Board of Directors has authorized to be executed, except in cases<br />
where the signing and execution thereof shall be expressly delegated by the Board of<br />
Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be<br />
required by law to be otherwise signed or executed;<br />
• Leadership and Direction: provides leadership to the Board of Directors with regards to<br />
policy setting and strategic planning. He/She helps guide and mediate board actions with<br />
respect to organizational priorities and governance concerns, and in general shall perform all<br />
duties incident to the office of Chairman of the Board subject to the control of the Board of<br />
Directors. <br />
• Organizational Responsibilities: He/She plays a leading role in fundraising activities,<br />
formally evaluate the performance of the Foundation Director and informally evaluate the<br />
effectiveness of the board members. An annual, overall evaluation of the performance of the<br />
organization in achieving its mission will be accomplished. He or she shall, when present,<br />
preside at all meetings of the Board of Directors, unless otherwise delegated, and such other<br />
duties as may be prescribed by the Board of Directors from time to time<br />
<br><br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Josh Sokol, Vice Chair====<br />
performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.<br />
<br />
<br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
==== [[User:brennan|Tom Brennan]]: Secretary/Historian====<br />
maintains records of the board and ensures effective management of organization’s<br />
records, manages minutes of board meetings, ensures minutes are distributed shortly after each<br />
meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note<br />
applicability during meetings; is the custodian of the corporate records and of the seal of the<br />
Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which<br />
on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office<br />
address of each Director which shall be furnished to the Secretary by such Director; and, in general<br />
perform all duties incident to the office of the Secretary and such other duties as from time to time<br />
may be assigned to him by the Chairman of the Board or by the Board. <br />
<br><br />
<br><br />
<br>[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:vanderaj |Andrew van der Stock]]: Treasurer====<br />
Treasurer manages finances of the organization, administers fiscal matters of the organization,<br />
provides annual budget to the board for member’s approval, ensures development and board review<br />
of financial policies and procedures. <br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:MichaelCoates|Michael Coates]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====[[User:tgondrom|Tobias Gondrom]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [https://www.owasp.org/index.php/User:Knoblochmartin Martin Knobloch]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
<hr /><br />
<br />
==Employees and Contractors==<br />
<br />
{{:About_OWASP/HR}}<br />
<br />
<br />
* Additional [https://www.owasp.org/index.php/About_OWASP/HR staff and HR info]<br />
<br />
==Meeting Minutes==<br />
The OWASP Foundation Board meets monthly.<br />
<br />
[[OWASP_Board_Meetings | Board meeting minutes for the record.]]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNZ0pqZC1QWWRTM28/edit Global Initiatives Meetings]<br />
<br />
== Operational Procedures ==<br />
[https://www.owasp.org/index.php/About_OWASP/Operational-Procedures Standard Operations Procedures (SOP)]<br />
<br />
<br />
==Licensing==<br />
All OWASP materials are available under an approved [[OWASP Licenses|FLOSS license]]. For more information, please see the '''[[OWASP Licenses]]''' page.<br />
<br />
<br />
==Participation and Membership==<br />
Everyone is welcome to participate in our [https://lists.owasp.org/mailman/listinfo forums], [[projects]], [[chapters]], and [[conferences]]. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.<br />
<br />
<br />
If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.<br />
<br />
<br />
For more information, please see the '''[[Membership]]''' page.<br />
<br />
==Projects==<br />
OWASP's projects cover many aspects of application security. We build documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code.<br />
<br />
<br />
For details on all the OWASP projects, please see the '''[[:Category:OWASP Project|OWASP Project]]''' page.<br />
<br />
<br />
==Privacy Policy==<br />
Given OWASP’s mission to help organizations with application security, you have the right to expect protection of any personal information that we might collect about our members.<br />
<br />
<br />
In general, we do not require authentication or ask visitors to reveal personal information when visiting our website. We collect Internet addresses, not the e-mail addresses, of visitors solely for use in calculating various website statistics.<br />
<br />
<br />
We may ask for certain personal information, including name and email address from persons downloading OWASP products. This information is not divulged to any third party and is used only for the purposes of:<br />
* Communicating urgent fixes in the OWASP Materials<br />
* Seeking advice and feedback about OWASP Materials<br />
* Inviting participation in OWASP’s consensus process and AppSec conferences<br />
<br />
<br />
OWASP publishes a list of member organizations and individual members. Listing is purely voluntary and "opt-in." Listed members can request not to be listed at any time.<br />
<br />
All information about you or your organization that you send us by fax or mail is physically protected. If you have any questions or concerns about our privacy policy, please contact us at [http://sl.owasp.org/contactus Submit a Inquiry]<br />
<br />
<br />
==Membership or Donations==<br />
If you are interested in joining OWASP as a member, or donating funds for OWASP's efforts, please check out the [[Membership|OWASP Membership Page]].<br />
<br />
{{:About_OWASP/Financial_Transparency}}<br />
<br />
[[:File:OWASP Annual Report 2015.pdf|2015 Annual Report]]<br /><br />
<br />
==Contacting OWASP==<br />
The easiest way to contact the [[OWASP Foundation]] is via e-mail. If you have a question concerning a particular project, we <b>strongly</b> recommend using the [https://lists.owasp.org/mailman/listinfo mailing list] for that project. Many questions can also be answered by [https://www.owasp.org/google/results.html searching] the [[Main Page|OWASP]] web site, so please check there first.<br />
<br />
Our global address for general correspondence and faxes can be sent to our physical office address, at: <br />
<br />
OWASP Foundation<br />
1200-C Agora Drive, #232<br />
Bel Air, MD 21014<br />
US<br />
+1 443-283-4021(fax)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
The European correspondence address is below.<br />
More information is available on the OWASP [[Europe]] page.<br />
<br />
OWASP Europe VZW<br />
Leinstraat 104A<br />
B-9660 Opbrakel<br />
Belgium<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
OWASP Norway Chapter<br />
[http://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=994253085 Entity Record]<br />
v/Kåre Presttun<br />
c/o Mnemonic as<br />
Wergelandsveien 25<br />
0167 OSLO<br />
<br />
<br />
Want to chat on IRC?<br />
The official #owasp channel is now live on http://irc.freenode.net ! Come on in and chat with us!<br />
<br />
For more information, please see the pages listed below:<br />
<br />
* [[Contributions]] for details about how to make contributions<br />
* [[Advertising]] if you're interested in advertising on the OWASP site<br />
* [[How OWASP Works]] for more information about projects and governance<br />
* [[OWASP brand usage rules]] for information about using the OWASP brand<br />
* [https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?pref=2&pli=1#slide=id.p4 About OWASP Presentation (Google Docs)]<br />
<br />
[[Category:Popular]]</div>Brennanhttps://wiki.owasp.org/index.php?title=About_The_Open_Web_Application_Security_Project&diff=235872About The Open Web Application Security Project2017-11-30T03:25:50Z<p>Brennan: /* Tom Brennan: Secretary/Historian */</p>
<hr />
<div>Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' <br />
<br />
__TOC__<br />
<br />
==The OWASP Foundation==<br />
The OWASP Foundation came online on [http://wayback.archive.org/web/*/http://www.owasp.org December 1st 2001] it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at [[Main Page|OWASP]]. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at [[Main Page|www.owasp.org]].<br />
<br />
<br />
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The [[OWASP Foundation]] is a not-for-profit entity that ensures the project's long-term success.<br />
<br />
[http://www.linkedin.com/companies/owasp https://www.owasp.org/images/9/98/Btn_cofollow_badge.png]<br />
<br />
<br />
===OWASP Foundation Bylaws===<br />
<br />
The business of the OWASP Foundation Inc. is outlined in the organizational [http://en.wikipedia.org/wiki/By-law by-laws]. These by-laws govern the organization worldwide and allow the participants to understand the established process for doing so. <br />
<br />
[[OWASP Foundation ByLaws]]<br />
<br />
[https://www.owasp.org/images/9/90/126741_OWASP_vzw_modelstatuten_v0.9_EN_REV.pdf OWASP EU Foundation ByLaws (English Translation)]<br />
<br />
[[Local Chapter ByLaws]]<br />
<br />
<br />
== Core Values ==<br />
<b>OPEN</b><br />
Everything at OWASP is radically transparent from our finances to our code.<br />
<br />
<b>INNOVATION</b><br />
OWASP encourages and supports innovation and experiments for solutions to software security challenges.<br />
<br />
<b>GLOBAL</b><br />
Anyone around the world is encouraged to participate in the OWASP community.<br />
<br />
<b>INTEGRITY</b><br />
OWASP is an honest and truthful, vendor neutral, global community.<br />
<br />
<br />
== Core Purpose ==<br />
Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. <br />
<br />
<br />
== Code of Ethics ==<br />
Each of us is expected to behave according to the principles contained in the following Code of Ethics. Breaches of the Code of Ethics may result in the foundation taking disciplinary action.<br />
[https://www.owasp.org/index.php/Membership_Revocation Membership Revocation]<br />
<br />
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;<br />
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;<br />
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;<br />
* Discharge professional responsibilities with diligence and honesty;<br />
* To communicate openly and honestly;<br />
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;<br />
* To maintain and affirm our objectivity and independence;<br />
* To reject inappropriate pressure from industry or others;<br />
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;<br />
* Treat everyone with respect and dignity; and<br />
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.<br />
<br />
<br />
== Principles ==<br />
<br />
* Free & Open<br />
* Governed by rough consensus & running code<br />
* Abide by a code of ethics (see ethics)<br />
* Not-for-profit<br />
* Not driven by commercial interests<br />
* Risk based approach<br />
<br />
==2017 Elected by Membership, Global Board Members==<br />
[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:Matt_Konda |Matt Konda]]: Chair====<br />
The Chairman of the Board shall serve as the principal executive officer of the<br />
Foundation.<br />
• Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business<br />
and affairs of the Foundation. He/She will monitor financial planning and financial reports<br />
He/She or he may sign, with the Secretary or any other proper officer of the Foundation<br />
thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or<br />
other instruments which the Board of Directors has authorized to be executed, except in cases<br />
where the signing and execution thereof shall be expressly delegated by the Board of<br />
Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be<br />
required by law to be otherwise signed or executed;<br />
• Leadership and Direction: provides leadership to the Board of Directors with regards to<br />
policy setting and strategic planning. He/She helps guide and mediate board actions with<br />
respect to organizational priorities and governance concerns, and in general shall perform all<br />
duties incident to the office of Chairman of the Board subject to the control of the Board of<br />
Directors. <br />
• Organizational Responsibilities: He/She plays a leading role in fundraising activities,<br />
formally evaluate the performance of the Foundation Director and informally evaluate the<br />
effectiveness of the board members. An annual, overall evaluation of the performance of the<br />
organization in achieving its mission will be accomplished. He or she shall, when present,<br />
preside at all meetings of the Board of Directors, unless otherwise delegated, and such other<br />
duties as may be prescribed by the Board of Directors from time to time<br />
<br><br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Josh Sokol, Vice Chair====<br />
performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.<br />
<br />
<br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
==== [[User:brennan|'''Tom Brennan''']]''': Secretary/Historian''' ====<br />
maintains records of the board and ensures effective management of organization’s<br />
records, manages minutes of board meetings, ensures minutes are distributed shortly after each<br />
meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note<br />
applicability during meetings; is the custodian of the corporate records and of the seal of the<br />
Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which<br />
on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office<br />
address of each Director which shall be furnished to the Secretary by such Director; and, in general<br />
perform all duties incident to the office of the Secretary and such other duties as from time to time<br />
may be assigned to him by the Chairman of the Board or by the Board. <br />
<br><br />
<br><br />
<br>[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:vanderaj |Andrew van der Stock]]: Treasurer====<br />
Treasurer manages finances of the organization, administers fiscal matters of the organization,<br />
provides annual budget to the board for member’s approval, ensures development and board review<br />
of financial policies and procedures. <br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:MichaelCoates|Michael Coates]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====[[User:tgondrom|Tobias Gondrom]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [https://www.owasp.org/index.php/User:Knoblochmartin Martin Knobloch]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
<hr /><br />
<br />
==Employees and Contractors==<br />
<br />
{{:About_OWASP/HR}}<br />
<br />
<br />
* Additional [https://www.owasp.org/index.php/About_OWASP/HR staff and HR info]<br />
<br />
==Meeting Minutes==<br />
The OWASP Foundation Board meets monthly.<br />
<br />
[[OWASP_Board_Meetings | Board meeting minutes for the record.]]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNZ0pqZC1QWWRTM28/edit Global Initiatives Meetings]<br />
<br />
== Operational Procedures ==<br />
[https://www.owasp.org/index.php/About_OWASP/Operational-Procedures Standard Operations Procedures (SOP)]<br />
<br />
<br />
==Licensing==<br />
All OWASP materials are available under an approved [[OWASP Licenses|FLOSS license]]. For more information, please see the '''[[OWASP Licenses]]''' page.<br />
<br />
<br />
==Participation and Membership==<br />
Everyone is welcome to participate in our [https://lists.owasp.org/mailman/listinfo forums], [[projects]], [[chapters]], and [[conferences]]. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.<br />
<br />
<br />
If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.<br />
<br />
<br />
For more information, please see the '''[[Membership]]''' page.<br />
<br />
==Projects==<br />
OWASP's projects cover many aspects of application security. We build documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code.<br />
<br />
<br />
For details on all the OWASP projects, please see the '''[[:Category:OWASP Project|OWASP Project]]''' page.<br />
<br />
<br />
==Privacy Policy==<br />
Given OWASP’s mission to help organizations with application security, you have the right to expect protection of any personal information that we might collect about our members.<br />
<br />
<br />
In general, we do not require authentication or ask visitors to reveal personal information when visiting our website. We collect Internet addresses, not the e-mail addresses, of visitors solely for use in calculating various website statistics.<br />
<br />
<br />
We may ask for certain personal information, including name and email address from persons downloading OWASP products. This information is not divulged to any third party and is used only for the purposes of:<br />
* Communicating urgent fixes in the OWASP Materials<br />
* Seeking advice and feedback about OWASP Materials<br />
* Inviting participation in OWASP’s consensus process and AppSec conferences<br />
<br />
<br />
OWASP publishes a list of member organizations and individual members. Listing is purely voluntary and "opt-in." Listed members can request not to be listed at any time.<br />
<br />
All information about you or your organization that you send us by fax or mail is physically protected. If you have any questions or concerns about our privacy policy, please contact us at [http://sl.owasp.org/contactus Submit a Inquiry]<br />
<br />
<br />
==Membership or Donations==<br />
If you are interested in joining OWASP as a member, or donating funds for OWASP's efforts, please check out the [[Membership|OWASP Membership Page]].<br />
<br />
{{:About_OWASP/Financial_Transparency}}<br />
<br />
[[:File:OWASP Annual Report 2015.pdf|2015 Annual Report]]<br /><br />
<br />
==Contacting OWASP==<br />
The easiest way to contact the [[OWASP Foundation]] is via e-mail. If you have a question concerning a particular project, we <b>strongly</b> recommend using the [https://lists.owasp.org/mailman/listinfo mailing list] for that project. Many questions can also be answered by [https://www.owasp.org/google/results.html searching] the [[Main Page|OWASP]] web site, so please check there first.<br />
<br />
Our global address for general correspondence and faxes can be sent to our physical office address, at: <br />
<br />
OWASP Foundation<br />
1200-C Agora Drive, #232<br />
Bel Air, MD 21014<br />
US<br />
+1 443-283-4021(fax)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
The European correspondence address is below.<br />
More information is available on the OWASP [[Europe]] page.<br />
<br />
OWASP Europe VZW<br />
Leinstraat 104A<br />
B-9660 Opbrakel<br />
Belgium<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
OWASP Norway Chapter<br />
[http://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=994253085 Entity Record]<br />
v/Kåre Presttun<br />
c/o Mnemonic as<br />
Wergelandsveien 25<br />
0167 OSLO<br />
<br />
<br />
Want to chat on IRC?<br />
The official #owasp channel is now live on http://irc.freenode.net ! Come on in and chat with us!<br />
<br />
For more information, please see the pages listed below:<br />
<br />
* [[Contributions]] for details about how to make contributions<br />
* [[Advertising]] if you're interested in advertising on the OWASP site<br />
* [[How OWASP Works]] for more information about projects and governance<br />
* [[OWASP brand usage rules]] for information about using the OWASP brand<br />
* [https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?pref=2&pli=1#slide=id.p4 About OWASP Presentation (Google Docs)]<br />
<br />
[[Category:Popular]]</div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235871About OWASP/HR2017-11-30T03:24:41Z<p>Brennan: updates</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
The '''Executive Director''' is ultimately '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br><br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Finance and Administration [https://www.linkedin.com/in/thomas-pappas-a938667/ Tom Papas] (Contractor)====<br />
* Services Provided by: [http://virtualmgmt.com/ Virtual Management Inc.] <br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====AR/AP Bookkeeping/Payroll (Contractors)====<br />
Services Provided by: [http://virtualmgmt.com/ Virtual Management Inc.]<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.linkedin.com/in/hugo75costa/ Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====IT Contractor: VACANT (Contractor)====<br />
* IT Support (Website, Wiki, Mailing Lists, Employee Desktops, Related System Administration <br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235869About OWASP/HR2017-11-30T03:21:20Z<p>Brennan: Updates</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
The '''Executive Director''' is ultimately '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Controller [https://www.linkedin.com/in/thomas-pappas-a938667/ Tom Papas] (Contractor)====<br />
* [http://virtualmgmt.com/ Virtual Management Inc.] <br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====AR/AP Bookkeeping/Payroll (Contractors)====<br />
* [http://virtualmgmt.com/ Virtual Management Inc.] <br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====IT Contractor: VACANT (Contractor)====<br />
* IT Support (Website, Wiki, Mailing Lists, Employee Desktops, Related System Administration <br />
<br><br><br />
<br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235868About OWASP/HR2017-11-30T03:11:36Z<p>Brennan: /* Employees and Contractors of the OWASP Foundation */</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
The '''Executive Director''' is ultimately '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235867About OWASP/HR2017-11-30T03:11:23Z<p>Brennan: </p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
The '''Executive Director''' is ultimately '''responsible''' for overseeing the administration, programs and strategic plan of the organization[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_The_Open_Web_Application_Security_Project&diff=235865About The Open Web Application Security Project2017-11-30T03:07:03Z<p>Brennan: /* 2017 Elected by Membership, Global Board Members */</p>
<hr />
<div>Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' <br />
<br />
__TOC__<br />
<br />
==The OWASP Foundation==<br />
The OWASP Foundation came online on [http://wayback.archive.org/web/*/http://www.owasp.org December 1st 2001] it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at [[Main Page|OWASP]]. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at [[Main Page|www.owasp.org]].<br />
<br />
<br />
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The [[OWASP Foundation]] is a not-for-profit entity that ensures the project's long-term success.<br />
<br />
[http://www.linkedin.com/companies/owasp https://www.owasp.org/images/9/98/Btn_cofollow_badge.png]<br />
<br />
<br />
===OWASP Foundation Bylaws===<br />
<br />
The business of the OWASP Foundation Inc. is outlined in the organizational [http://en.wikipedia.org/wiki/By-law by-laws]. These by-laws govern the organization worldwide and allow the participants to understand the established process for doing so. <br />
<br />
[[OWASP Foundation ByLaws]]<br />
<br />
[https://www.owasp.org/images/9/90/126741_OWASP_vzw_modelstatuten_v0.9_EN_REV.pdf OWASP EU Foundation ByLaws (English Translation)]<br />
<br />
[[Local Chapter ByLaws]]<br />
<br />
<br />
== Core Values ==<br />
<b>OPEN</b><br />
Everything at OWASP is radically transparent from our finances to our code.<br />
<br />
<b>INNOVATION</b><br />
OWASP encourages and supports innovation and experiments for solutions to software security challenges.<br />
<br />
<b>GLOBAL</b><br />
Anyone around the world is encouraged to participate in the OWASP community.<br />
<br />
<b>INTEGRITY</b><br />
OWASP is an honest and truthful, vendor neutral, global community.<br />
<br />
<br />
== Core Purpose ==<br />
Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. <br />
<br />
<br />
== Code of Ethics ==<br />
Each of us is expected to behave according to the principles contained in the following Code of Ethics. Breaches of the Code of Ethics may result in the foundation taking disciplinary action.<br />
[https://www.owasp.org/index.php/Membership_Revocation Membership Revocation]<br />
<br />
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;<br />
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;<br />
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;<br />
* Discharge professional responsibilities with diligence and honesty;<br />
* To communicate openly and honestly;<br />
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;<br />
* To maintain and affirm our objectivity and independence;<br />
* To reject inappropriate pressure from industry or others;<br />
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;<br />
* Treat everyone with respect and dignity; and<br />
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.<br />
<br />
<br />
== Principles ==<br />
<br />
* Free & Open<br />
* Governed by rough consensus & running code<br />
* Abide by a code of ethics (see ethics)<br />
* Not-for-profit<br />
* Not driven by commercial interests<br />
* Risk based approach<br />
<br />
==2017 Elected by Membership, Global Board Members==<br />
[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:Matt_Konda |Matt Konda]]: Chair====<br />
The Chairman of the Board shall serve as the principal executive officer of the<br />
Foundation.<br />
• Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business<br />
and affairs of the Foundation. He/She will monitor financial planning and financial reports<br />
He/She or he may sign, with the Secretary or any other proper officer of the Foundation<br />
thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or<br />
other instruments which the Board of Directors has authorized to be executed, except in cases<br />
where the signing and execution thereof shall be expressly delegated by the Board of<br />
Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be<br />
required by law to be otherwise signed or executed;<br />
• Leadership and Direction: provides leadership to the Board of Directors with regards to<br />
policy setting and strategic planning. He/She helps guide and mediate board actions with<br />
respect to organizational priorities and governance concerns, and in general shall perform all<br />
duties incident to the office of Chairman of the Board subject to the control of the Board of<br />
Directors. <br />
• Organizational Responsibilities: He/She plays a leading role in fundraising activities,<br />
formally evaluate the performance of the Foundation Director and informally evaluate the<br />
effectiveness of the board members. An annual, overall evaluation of the performance of the<br />
organization in achieving its mission will be accomplished. He or she shall, when present,<br />
preside at all meetings of the Board of Directors, unless otherwise delegated, and such other<br />
duties as may be prescribed by the Board of Directors from time to time<br />
<br><br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Josh Sokol, Vice Chair====<br />
performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.<br />
<br />
<br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
<br />
==== [[User:brennan|'''Tom Brennan''']]: '''Secretary/Historian''' ====<br />
maintains records of the board and ensures effective management of organization’s<br />
records, manages minutes of board meetings, ensures minutes are distributed shortly after each<br />
meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note<br />
applicability during meetings; is the custodian of the corporate records and of the seal of the<br />
Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which<br />
on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office<br />
address of each Director which shall be furnished to the Secretary by such Director; and, in general<br />
perform all duties incident to the office of the Secretary and such other duties as from time to time<br />
may be assigned to him by the Chairman of the Board or by the Board. <br />
<br><br />
<br><br />
<br>[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:vanderaj |Andrew van der Stock]]: Treasurer====<br />
Treasurer manages finances of the organization, administers fiscal matters of the organization,<br />
provides annual budget to the board for member’s approval, ensures development and board review<br />
of financial policies and procedures. <br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:MichaelCoates|Michael Coates]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====[[User:tgondrom|Tobias Gondrom]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [https://www.owasp.org/index.php/User:Knoblochmartin Martin Knobloch]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
<hr /><br />
<br />
==Employees and Contractors==<br />
<br />
{{:About_OWASP/HR}}<br />
<br />
<br />
* Additional [https://www.owasp.org/index.php/About_OWASP/HR staff and HR info]<br />
<br />
==Meeting Minutes==<br />
The OWASP Foundation Board meets monthly.<br />
<br />
[[OWASP_Board_Meetings | Board meeting minutes for the record.]]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNZ0pqZC1QWWRTM28/edit Global Initiatives Meetings]<br />
<br />
== Operational Procedures ==<br />
[https://www.owasp.org/index.php/About_OWASP/Operational-Procedures Standard Operations Procedures (SOP)]<br />
<br />
<br />
==Licensing==<br />
All OWASP materials are available under an approved [[OWASP Licenses|FLOSS license]]. For more information, please see the '''[[OWASP Licenses]]''' page.<br />
<br />
<br />
==Participation and Membership==<br />
Everyone is welcome to participate in our [https://lists.owasp.org/mailman/listinfo forums], [[projects]], [[chapters]], and [[conferences]]. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.<br />
<br />
<br />
If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.<br />
<br />
<br />
For more information, please see the '''[[Membership]]''' page.<br />
<br />
==Projects==<br />
OWASP's projects cover many aspects of application security. We build documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code.<br />
<br />
<br />
For details on all the OWASP projects, please see the '''[[:Category:OWASP Project|OWASP Project]]''' page.<br />
<br />
<br />
==Privacy Policy==<br />
Given OWASP’s mission to help organizations with application security, you have the right to expect protection of any personal information that we might collect about our members.<br />
<br />
<br />
In general, we do not require authentication or ask visitors to reveal personal information when visiting our website. We collect Internet addresses, not the e-mail addresses, of visitors solely for use in calculating various website statistics.<br />
<br />
<br />
We may ask for certain personal information, including name and email address from persons downloading OWASP products. This information is not divulged to any third party and is used only for the purposes of:<br />
* Communicating urgent fixes in the OWASP Materials<br />
* Seeking advice and feedback about OWASP Materials<br />
* Inviting participation in OWASP’s consensus process and AppSec conferences<br />
<br />
<br />
OWASP publishes a list of member organizations and individual members. Listing is purely voluntary and "opt-in." Listed members can request not to be listed at any time.<br />
<br />
All information about you or your organization that you send us by fax or mail is physically protected. If you have any questions or concerns about our privacy policy, please contact us at [http://sl.owasp.org/contactus Submit a Inquiry]<br />
<br />
<br />
==Membership or Donations==<br />
If you are interested in joining OWASP as a member, or donating funds for OWASP's efforts, please check out the [[Membership|OWASP Membership Page]].<br />
<br />
{{:About_OWASP/Financial_Transparency}}<br />
<br />
[[:File:OWASP Annual Report 2015.pdf|2015 Annual Report]]<br /><br />
<br />
==Contacting OWASP==<br />
The easiest way to contact the [[OWASP Foundation]] is via e-mail. If you have a question concerning a particular project, we <b>strongly</b> recommend using the [https://lists.owasp.org/mailman/listinfo mailing list] for that project. Many questions can also be answered by [https://www.owasp.org/google/results.html searching] the [[Main Page|OWASP]] web site, so please check there first.<br />
<br />
Our global address for general correspondence and faxes can be sent to our physical office address, at: <br />
<br />
OWASP Foundation<br />
1200-C Agora Drive, #232<br />
Bel Air, MD 21014<br />
US<br />
+1 443-283-4021(fax)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
The European correspondence address is below.<br />
More information is available on the OWASP [[Europe]] page.<br />
<br />
OWASP Europe VZW<br />
Leinstraat 104A<br />
B-9660 Opbrakel<br />
Belgium<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
OWASP Norway Chapter<br />
[http://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=994253085 Entity Record]<br />
v/Kåre Presttun<br />
c/o Mnemonic as<br />
Wergelandsveien 25<br />
0167 OSLO<br />
<br />
<br />
Want to chat on IRC?<br />
The official #owasp channel is now live on http://irc.freenode.net ! Come on in and chat with us!<br />
<br />
For more information, please see the pages listed below:<br />
<br />
* [[Contributions]] for details about how to make contributions<br />
* [[Advertising]] if you're interested in advertising on the OWASP site<br />
* [[How OWASP Works]] for more information about projects and governance<br />
* [[OWASP brand usage rules]] for information about using the OWASP brand<br />
* [https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?pref=2&pli=1#slide=id.p4 About OWASP Presentation (Google Docs)]<br />
<br />
[[Category:Popular]]</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235864December 6, 20172017-11-30T03:05:05Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
NEW BUSINESS<br />
Official Welcome, [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Employees_and_Contractors New Hire Executive Director] - Chairman<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Members and related actions paperwork/term of office/how the roles are picked for 2018 - Historian<br />
- <br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
2018 Association Roundtable Q2 5/10 - Brennan<br />
ADJOURNMENT<br />
Executive Session closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235859December 6, 20172017-11-29T20:47:36Z<p>Brennan: </p>
<hr />
<div>mMeeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being managed by the executive director <br />
<br />
OLD BUSINESS<br />
<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
NEW BUSINESS<br />
New Hire, Executive Director - Konda<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Mmebers and related actions paperwork/term of office/how the roles are picked for 2018 <br />
- <br />
<br />
[https://drive.google.com/open?id=1Hh5Snn5T60fULIUcboh1yoB4YIXlnjmP NYC Cyber Security Grant Update] - Brennan<br />
-<br />
<br />
2018 Association Roundtable 5/10 - Brennan<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT<br />
- Executive Seasion closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235858December 6, 20172017-11-29T20:46:12Z<p>Brennan: </p>
<hr />
<div>mMeeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the EE<br />
ExecutiD eirectorOLD BUSINESS<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
NEW BUSINESS<br />
New Hire, Executive Director - Konda<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Mmebers and related actions paperwork/term of office/how the roles are picked for 2018 <br />
- <br />
<br />
NYC Cyber Security Grant Update - Brennan<br />
-<br />
<br />
2018 Association Roundtable 5/10 - Brennan<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT<br />
- Executive Seasion closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235857December 6, 20172017-11-29T20:45:11Z<p>Brennan: </p>
<hr />
<div>mMeeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
APPROVAL OF MINUTES<br />
- Approval of [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the EE<br />
ExecutiD eirectorOLD BUSINESS<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
NEW BUSINESS<br />
New Hire, Executive Director - Konda<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Mmebers and related actions paperwork/term of office/how the roles are picked for 2018 <br />
- <br />
<br />
NYC Cyber Security Grant Update - Brennan<br />
-<br />
<br />
2018 Association Roundtable 5/10<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT<br />
- Executive Seasion closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=About_The_Open_Web_Application_Security_Project&diff=235820About The Open Web Application Security Project2017-11-28T15:17:10Z<p>Brennan: </p>
<hr />
<div>Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' <br />
<br />
__TOC__<br />
<br />
==The OWASP Foundation==<br />
The OWASP Foundation came online on [http://wayback.archive.org/web/*/http://www.owasp.org December 1st 2001] it was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at [[Main Page|OWASP]]. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at [[Main Page|www.owasp.org]].<br />
<br />
<br />
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The [[OWASP Foundation]] is a not-for-profit entity that ensures the project's long-term success.<br />
<br />
[http://www.linkedin.com/companies/owasp https://www.owasp.org/images/9/98/Btn_cofollow_badge.png]<br />
<br />
<br />
===OWASP Foundation Bylaws===<br />
<br />
The business of the OWASP Foundation Inc. is outlined in the organizational [http://en.wikipedia.org/wiki/By-law by-laws]. These by-laws govern the organization worldwide and allow the participants to understand the established process for doing so. <br />
<br />
[[OWASP Foundation ByLaws]]<br />
<br />
[https://www.owasp.org/images/9/90/126741_OWASP_vzw_modelstatuten_v0.9_EN_REV.pdf OWASP EU Foundation ByLaws (English Translation)]<br />
<br />
[[Local Chapter ByLaws]]<br />
<br />
<br />
== Core Values ==<br />
<b>OPEN</b><br />
Everything at OWASP is radically transparent from our finances to our code.<br />
<br />
<b>INNOVATION</b><br />
OWASP encourages and supports innovation and experiments for solutions to software security challenges.<br />
<br />
<b>GLOBAL</b><br />
Anyone around the world is encouraged to participate in the OWASP community.<br />
<br />
<b>INTEGRITY</b><br />
OWASP is an honest and truthful, vendor neutral, global community.<br />
<br />
<br />
== Core Purpose ==<br />
Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software. <br />
<br />
<br />
== Code of Ethics ==<br />
Each of us is expected to behave according to the principles contained in the following Code of Ethics. Breaches of the Code of Ethics may result in the foundation taking disciplinary action.<br />
[https://www.owasp.org/index.php/Membership_Revocation Membership Revocation]<br />
<br />
* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;<br />
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;<br />
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;<br />
* Discharge professional responsibilities with diligence and honesty;<br />
* To communicate openly and honestly;<br />
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;<br />
* To maintain and affirm our objectivity and independence;<br />
* To reject inappropriate pressure from industry or others;<br />
* Not intentionally injure or impugn the professional reputation of practice of colleagues, clients, or employers;<br />
* Treat everyone with respect and dignity; and<br />
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.<br />
<br />
<br />
== Principles ==<br />
<br />
* Free & Open<br />
* Governed by rough consensus & running code<br />
* Abide by a code of ethics (see ethics)<br />
* Not-for-profit<br />
* Not driven by commercial interests<br />
* Risk based approach<br />
<br />
==2017 Elected by Membership, Global Board Members==<br />
[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]<br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:Matt_Konda |Matt Konda]]: Chair====<br />
The Chairman of the Board shall serve as the principal executive officer of the<br />
Foundation.<br />
• Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business<br />
and affairs of the Foundation. He/She will monitor financial planning and financial reports<br />
He/She or he may sign, with the Secretary or any other proper officer of the Foundation<br />
thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or<br />
other instruments which the Board of Directors has authorized to be executed, except in cases<br />
where the signing and execution thereof shall be expressly delegated by the Board of<br />
Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be<br />
required by law to be otherwise signed or executed;<br />
• Leadership and Direction: provides leadership to the Board of Directors with regards to<br />
policy setting and strategic planning. He/She helps guide and mediate board actions with<br />
respect to organizational priorities and governance concerns, and in general shall perform all<br />
duties incident to the office of Chairman of the Board subject to the control of the Board of<br />
Directors. <br />
• Organizational Responsibilities: He/She plays a leading role in fundraising activities,<br />
formally evaluate the performance of the Foundation Director and informally evaluate the<br />
effectiveness of the board members. An annual, overall evaluation of the performance of the<br />
organization in achieving its mission will be accomplished. He or she shall, when present,<br />
preside at all meetings of the Board of Directors, unless otherwise delegated, and such other<br />
duties as may be prescribed by the Board of Directors from time to time<br />
<br><br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Josh Sokol, Vice Chair====<br />
performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.<br />
<br />
<br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
[[User:brennan|'''Tom Brennan''']]: '''Secretary/Historian''' <br />
<br />
maintains records of the board and ensures effective management of organization’s<br />
records, manages minutes of board meetings, ensures minutes are distributed shortly after each<br />
meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note<br />
applicability during meetings; is the custodian of the corporate records and of the seal of the<br />
Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which<br />
on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office<br />
address of each Director which shall be furnished to the Secretary by such Director; and, in general<br />
perform all duties incident to the office of the Secretary and such other duties as from time to time<br />
may be assigned to him by the Chairman of the Board or by the Board. <br />
<br><br />
<br><br />
<br>[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:vanderaj |Andrew van der Stock]]: Treasurer====<br />
Treasurer manages finances of the organization, administers fiscal matters of the organization,<br />
provides annual budget to the board for member’s approval, ensures development and board review<br />
of financial policies and procedures. <br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [[User:MichaelCoates|Michael Coates]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====[[User:tgondrom|Tobias Gondrom]]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
==== [https://www.owasp.org/index.php/User:Knoblochmartin Martin Knobloch]: Member at Large====<br />
regularly attends board meetings and important related meetings, volunteers<br />
for and willingly accepts assignments and completes them thoroughly and on time, stays informed<br />
about committee matters, prepares themselves well for meetings, and reviews and comments on<br />
minutes and reports, gets to know other committee members and builds a collegial working<br />
relationship that contributes to consensus, is an active participant in the committee’s annual<br />
evaluating and planning efforts, participates in fundraising for the organization<br />
<br><br />
<br><br />
<br><br />
<br />
<hr /><br />
<br />
==Employees and Contractors==<br />
<br />
{{:About_OWASP/HR}}<br />
<br />
<br />
* Additional [https://www.owasp.org/index.php/About_OWASP/HR staff and HR info]<br />
<br />
==Meeting Minutes==<br />
The OWASP Foundation Board meets monthly.<br />
<br />
[[OWASP_Board_Meetings | Board meeting minutes for the record.]]<br />
<br />
[https://docs.google.com/folder/d/0B5Z9zE0hx0LNZ0pqZC1QWWRTM28/edit Global Initiatives Meetings]<br />
<br />
== Operational Procedures ==<br />
[https://www.owasp.org/index.php/About_OWASP/Operational-Procedures Standard Operations Procedures (SOP)]<br />
<br />
<br />
==Licensing==<br />
All OWASP materials are available under an approved [[OWASP Licenses|FLOSS license]]. For more information, please see the '''[[OWASP Licenses]]''' page.<br />
<br />
<br />
==Participation and Membership==<br />
Everyone is welcome to participate in our [https://lists.owasp.org/mailman/listinfo forums], [[projects]], [[chapters]], and [[conferences]]. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.<br />
<br />
<br />
If you find the OWASP materials valuable, please consider supporting our cause by becoming an OWASP member. All monies received by the OWASP Foundation go directly into supporting OWASP projects.<br />
<br />
<br />
For more information, please see the '''[[Membership]]''' page.<br />
<br />
==Projects==<br />
OWASP's projects cover many aspects of application security. We build documents, tools, teaching environments, guidelines, checklists, and other materials to help organizations improve their capability to produce secure code.<br />
<br />
<br />
For details on all the OWASP projects, please see the '''[[:Category:OWASP Project|OWASP Project]]''' page.<br />
<br />
<br />
==Privacy Policy==<br />
Given OWASP’s mission to help organizations with application security, you have the right to expect protection of any personal information that we might collect about our members.<br />
<br />
<br />
In general, we do not require authentication or ask visitors to reveal personal information when visiting our website. We collect Internet addresses, not the e-mail addresses, of visitors solely for use in calculating various website statistics.<br />
<br />
<br />
We may ask for certain personal information, including name and email address from persons downloading OWASP products. This information is not divulged to any third party and is used only for the purposes of:<br />
* Communicating urgent fixes in the OWASP Materials<br />
* Seeking advice and feedback about OWASP Materials<br />
* Inviting participation in OWASP’s consensus process and AppSec conferences<br />
<br />
<br />
OWASP publishes a list of member organizations and individual members. Listing is purely voluntary and "opt-in." Listed members can request not to be listed at any time.<br />
<br />
All information about you or your organization that you send us by fax or mail is physically protected. If you have any questions or concerns about our privacy policy, please contact us at [http://sl.owasp.org/contactus Submit a Inquiry]<br />
<br />
<br />
==Membership or Donations==<br />
If you are interested in joining OWASP as a member, or donating funds for OWASP's efforts, please check out the [[Membership|OWASP Membership Page]].<br />
<br />
{{:About_OWASP/Financial_Transparency}}<br />
<br />
[[:File:OWASP Annual Report 2015.pdf|2015 Annual Report]]<br /><br />
<br />
==Contacting OWASP==<br />
The easiest way to contact the [[OWASP Foundation]] is via e-mail. If you have a question concerning a particular project, we <b>strongly</b> recommend using the [https://lists.owasp.org/mailman/listinfo mailing list] for that project. Many questions can also be answered by [https://www.owasp.org/google/results.html searching] the [[Main Page|OWASP]] web site, so please check there first.<br />
<br />
Our global address for general correspondence and faxes can be sent to our physical office address, at: <br />
<br />
OWASP Foundation<br />
1200-C Agora Drive, #232<br />
Bel Air, MD 21014<br />
US<br />
+1 443-283-4021(fax)<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
The European correspondence address is below.<br />
More information is available on the OWASP [[Europe]] page.<br />
<br />
OWASP Europe VZW<br />
Leinstraat 104A<br />
B-9660 Opbrakel<br />
Belgium<br />
[http://sl.owasp.org/contactus Contact Us]<br />
<br />
OWASP Norway Chapter<br />
[http://w2.brreg.no/enhet/sok/detalj.jsp?orgnr=994253085 Entity Record]<br />
v/Kåre Presttun<br />
c/o Mnemonic as<br />
Wergelandsveien 25<br />
0167 OSLO<br />
<br />
<br />
Want to chat on IRC?<br />
The official #owasp channel is now live on http://irc.freenode.net ! Come on in and chat with us!<br />
<br />
For more information, please see the pages listed below:<br />
<br />
* [[Contributions]] for details about how to make contributions<br />
* [[Advertising]] if you're interested in advertising on the OWASP site<br />
* [[How OWASP Works]] for more information about projects and governance<br />
* [[OWASP brand usage rules]] for information about using the OWASP brand<br />
* [https://docs.google.com/presentation/d/10wi1EWFCPZwCpkB6qZaBNN8mR2XfQs8sLxcj9SCsP6c/edit?pref=2&pli=1#slide=id.p4 About OWASP Presentation (Google Docs)]<br />
<br />
[[Category:Popular]]</div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235819About OWASP/HR2017-11-28T15:07:00Z<p>Brennan: </p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
The '''Executive Director''' is '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235818About OWASP/HR2017-11-28T15:06:41Z<p>Brennan: /* Executive Director - Karen Staley */</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley] The '''Executive Director''' is '''responsible''' for overseeing the administration, programs and strategic plan of the organization ====<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235817About OWASP/HR2017-11-28T14:59:01Z<p>Brennan: </p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Executive Director - [https://www.linkedin.com/in/karen-staley/ Karen Staley]====<br />
<br><br />
<br><br />
The '''Executive Director''' is '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
<br><br />
<br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
<br />
====Senior Project Technical Coordinator: Vacant====<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235801About OWASP/HR2017-11-27T15:03:48Z<p>Brennan: /* Employees and Contractors of the OWASP Foundation */</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
Executive Director - Karen Staley [https://www.linkedin.com/in/karen-staley/ BIO]<br />
<br><br />
<br><br />
<br />
The '''Executive Director''' is '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
[[Image:Matt-Tesauro.png|120 px|left]]<br />
<br />
====Senior Project Technical Coordinator [https://www.owasp.org/index.php/User:Mtesauro Matt Tesauro]====<br />
* Based in Texas - USA<br />
* Key areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enable OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Operations_Director OWASP Operations Director]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235800About OWASP/HR2017-11-27T14:59:43Z<p>Brennan: /* Employees and Contractors of the OWASP Foundation */</p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
Executive Director - Karen Staley [https://www.linkedin.com/in/karen-staley/ BIO]<br />
<br />
The '''Executive Director''' is '''responsible''' for overseeing the administration, programs and strategic plan of the organization<br />
[[Image:Matt-Tesauro.png|120 px|left]]<br />
<br />
====Senior Project Technical Cordinator [https://www.owasp.org/index.php/User:Mtesauro Matt Tesauro]====<br />
* Based in Texas - USA<br />
* Key areas of responsibility: Overall operations for the OWASP Foundation including financial, HR and community support. <br />
* Other areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enables OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Operations_Director OWASP Operations Director]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=About_OWASP/HR&diff=235799About OWASP/HR2017-11-27T14:58:53Z<p>Brennan: </p>
<hr />
<div><noinclude><br />
==Employees and Contractors of the OWASP Foundation==<br />
</noinclude><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]] <br />
Executive Director - Karen Staley [https://www.linkedin.com/in/karen-staley/ BIO]<br />
<br />
<br />
[[Image:Matt-Tesauro.png|120 px|left]]<br />
====Senior Project Technical Cordinator [https://www.owasp.org/index.php/User:Mtesauro Matt Tesauro]====<br />
* Based in Texas - USA<br />
* Key areas of responsibility: Overall operations for the OWASP Foundation including financial, HR and community support. <br />
* Other areas of responsibility: Senior Project Coordinator is responsible for setting the direction and oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. This position includes oversight of the operational processes, policies, and procedures that enables OWASPs Project Leaders and contributors to successfully run their open source software projects. This role is not responsible for project management of individual OWASP Projects within the OWASP Project infrastructure.<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Operations_Director OWASP Operations Director]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Community Manager: [http://www.owasp.org Tiffany Long]====<br />
* Based in San Francisco<br />
* Key areas of responsibility: Attracting, motivating and retaining volunteers and security professionals to contribute to OWASP Projects and the OWASP Chapter community; Mobilize volunteers to help address security issues in large software systems/applications/frameworks; Strengthening OWASP Chapters and abilities to spread message of OWASP through locally organized and run events;Building a scalable OWASP training program that spreads security training to developers around the world. Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Community_Manager OWASP Community Manager]<br />
<br><br><br />
<br />
[[Image:Profile_Pic.png|140 px|left]]<br />
====Membership and Business Liaison: [https://www.owasp.org/index.php/User:Kelly_Santalucia Kelly Santalucia]====<br />
* Based in New Jersey - USA<br />
* Key areas of responsibility: Individual and Corporate Memberships, Sponsorships, Co-Marketing Agreements, Advertising, Election, and Waspy Awards<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Membership_and_Business_Liaison OWASP Membership & Business Liaison]<br />
<br><br><br />
<br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Event Manager: [https://www.owasp.org/index.php/User:Laura_Grau Laura Grau]====<br />
* Based in Bay Area, California - USA<br />
* Key areas of responsibility: Global AppSec Conference planning, execution, and wrap up; management of OWASP event policies<br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Event_Manager OWASP Event Manager]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Project Coordinator: [https://www.owasp.org/index.php/User:Claudia_casanovas Claudia Aviles-Casanovas]====<br />
* Based in - New Jersey, USA<br />
* Key areas of responsibility: Oversight of the OWASP Projects operational infrastructure that provides support to the project leaders within the OWASP Organization. <br />
* Job Description: [https://www.owasp.org/images/a/a1/OWASP_Project_Coordinator-FabioTobiasAug25.pdf OWASP Project Coordinator]<br />
<br><br><br />
<br />
[[Image:Owasp_logo_icon.jpg|120 px|left]]<br />
====Program Assistant: [https://www.owasp.org/index.php/User:Dawn_Aitken Dawn Aitken]====<br />
* Based in New Jersey - USA<br />
*Key areas of responsibility: Customer service and data management.<br />
*Job Description: [https://www.owasp.org/images/e/e8/OWASPOperationsAdmin.pdf Administrative Assistant]<br />
<br><br><br />
<br />
<br />
[[Image:HugoCosta.jpg|120 px|left]]<br />
====Graphic Design: [https://www.owasp.org/index.php/User:Hugo_Costa Hugo Costa] (Contractor)====<br />
* Based in Portugal<br />
* Key areas of responsibility: Graphic Design <br />
* Job Description: [https://www.owasp.org/index.php/OWASP_Jobs/Graphic_Designer OWASP Graphic Designer]<br />
<br><br><br />
<br />
<noinclude><br><br><br />
<br />
==OWASP HR Resources==<br />
* [https://www.owasp.org/images/2/28/EmployeeHandbook2014.pdf OWASP Foundation Employee Handbook]<br />
* [https://docs.google.com/document/d/1ZWqUOcCYY40yBsdiSf9Y9oY4XLM8AR67VQu9aYN0syI/edit?usp=sharing Employee and Contractor Annual Review Process], [https://docs.google.com/document/d/1yjgy-G5vOvzKN7_vIksElEYtbTwm016SdckvLst_yxw/edit?usp=sharing Employee Self Review and Supervisor Review Form], [https://docs.google.com/document/d/1GsGf5WCsj-6-MVb-vyguiSku7v_XK5K4K6DxX9f2tOQ/edit?usp=sharing Employee Peer Review Form]<br />
*[https://www.owasp.org/index.php/Governance/Conflict_of_Interest_Policy OWASP Conflict of Interest Policy and Annual Questionnaire]<br />
*[https://www.owasp.org/index.php/Governance/Whistleblower_Policy OWASP Whistleblower & Anti-Retaliation Policy]<br />
<br />
</noinclude></div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235674December 6, 20172017-11-21T14:34:47Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
Open call to public or members attending for new items for the good of the foundation <br />
APPROVAL OF MINUTES<br />
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.]<br />
OLD BUSINESS<br />
Update Budget progress - Andrew/Coats<br />
<br />
Update AppSecEU Status - Staff Update and concerns<br />
<br />
Update/2018 Summit - Josh vote by email results <br />
<br />
Update/GDPR - Martin Update<br />
<br />
Update/Chapter Leaders who are not OWASP mmebers and disputes example Spain recent Board thread - Brennan<br />
<br />
NEW BUSINESS<br />
New Hire, Executive Director - Konda<br />
<br />
Current organization chart - Karen<br />
- <br />
<br />
Welcome newly elected Board Mmebers and related actions paperwork/term of office/how the roles are picked for 2018 <br />
- <br />
<br />
NYC Cyber Security Grant Update - Brennan<br />
-<br />
<br />
2018 Association Roundtable 5/10<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT<br />
- Executive Seasion closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235673December 6, 20172017-11-21T14:30:01Z<p>Brennan: Updates</p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting. All updates should be posted BEFORE FRIDAY December 1st 2017<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] <br />
<br />
<br />
OLD BUSINESS<br />
- Budget progress - Andrew<br />
- AppSecEU Status - Staff Update<br />
- 2018 Summit - Konda<br />
- GDPR - Martin Update<br />
<br />
NEW BUSINESS<br />
- New Hire, Executive Director - Konda<br />
- Organization Chart - Karen<br />
- Welcome newly elected Board Mmebers and related actions paperwork/term of office/how the roles are picked for 2018 <br />
- NYC Cyber Security Grant Update - Brennan<br />
- Association Roundtable 5/10<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT<br />
- Executive Seasion closed to the public.</div>Brennanhttps://wiki.owasp.org/index.php?title=December_6,_2017&diff=235672December 6, 20172017-11-21T14:20:55Z<p>Brennan: Updated</p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
- Approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
OWASP Foundation is managed by the Executive Director ho provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] <br />
<br />
<br />
OLD BUSINESS<br />
<br />
<br />
NEW BUSINESS<br />
<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
<br />
ADJOURNMENT</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Virtual_Village_Project&diff=235473OWASP Virtual Village Project2017-11-15T14:13:03Z<p>Brennan: /* Project Chapter */</p>
<hr />
<div>=Main=<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Virtual_Village<br />
}} <br />
<br />
<br />
Deliverable:<br />
To provide a stable platform of multiple operating systems, Desktop / Servers for Breakers, Defenders and Makers. This will allow them to have a platform where they can build securely and with confidence that the infrastructure will provide them with what they need.<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Virtual Village Project ==<br />
<!---<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span>---><br />
<br />
<!---The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.---><br />
<br />
==Description==<br />
<br />
OWASP Virtual Village has been moved to github. <br />
<br />
https://github.com/OWASP/VirtualVillage <br />
<br />
OWASP Virtual Village provides registered OWASP Members and their approved projects with a virtual machine environment that they can run their projects on for testing purposes. Power and Pipe is donated by [http://www.nyi.net New York Internet] <br />
<br />
{|<br />
|-<br />
|{{#ev:youtube|FCiqIf5h4Mc}}<br />
|}<br />
<br />
<!---<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span>---><br />
<!---The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.--->==Licensing==<br />
<br />
TBD<br />
<br />
<!---<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span>---><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc. <br />
</span>---><br />
<br />
[https://docs.google.com/presentation/d/1zs9LfLBL2BjEYSCqMR3qbmrPNA48xi99SR3dUhSg-nY/edit?usp=sharing Slide Overview]<br />
<br />
Interview<br />
== Project Chapter ==<br />
[http://www.meetup.com/OWASP-NYC/ NYC Metro]<br />
<br />
== Project Leaders ==<br />
<!---<span style="color:#ff0000"><br />
A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.<br />
</span>--><br />
<br />
Project leader's name: <br />
<br />
[https://github.com/evinhernandez Evin Hernandez]<br />
<br />
[https://github.com/brennantom Tom Brennan]<br />
<br />
== Project Members ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span>--><br />
[[Dan.damelio@owasp.org|Dan D'Amelio]]<br />
<br />
[[Shahb@vmware.com|Bhavin Shah]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" |<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
<br />
20-Sept AppSecUSA Project Summit<br />
<br />
[https://www.nyi.net/media/more/nyi_is_home_to_the_first_owasp_virtual_lab 3 June 2015 Press Release]<br />
<br />
[https://github.com/evinhernandez/VirtualVillage Virtual Village Github]<br />
<br />
[https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-virtual-village-project '''Virtual Village PodCast''': Less than 10 Minutes series.]<br />
|<br />
<!---<span style="color:#ff0000"><br />
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project. <br />
</span>---><!---<br />
* [12 Feb 2013] Support for Spanish is now available with this release.<br />
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!<br />
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.<br />
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.<br />
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product. <br />
--->|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!---<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span>--><br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. <br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. <br />
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. <br />
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.<br />
</span>--><br />
<br />
The first contributors to the project were:<br />
* [https://www.nyi.net/nyi-home-to-first-owasp-virtual-lab/ New York Internet]<br />
* [http://www.nestedx2.com/#!about/c13zq Evin Hernandez]<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan]<br />
* [http://www.njit.edu/ New Jersey Institute of Technology (NJIT)]<br />
*DevPatel<br />
*Komal Patel<br />
* Urvashi Patel<br />
* Robin Reyes (PM)<br />
<br />
==Project Sponsor==<br />
Virtual Village is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]] <br />
<br />
Power and Pipe provided by New York Internet<br />
[[File:Nyi logo large.jpg|left|thumb|172x172px]]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.<br />
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active. <br />
</span>--><br />
<br />
==Roadmap==<br />
<br />
Project Roadmap: consist of A dev / test environment initially taking request via email. Eventually users with be able to sign and and request specific resources correlated to a specific project.<br />
<br />
As of <strong>Nov, 2017, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Obtain software<br />
* Configure and install Software<br />
* Provide access to owasp members and host a few owasp projects.<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>Virtual Village</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Minimum Viable Product=<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.<br />
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. <br />
</span>--><br />
<br />
The Virtual Village Project will provide a platform for members to use and host lab, incubator and flagship projects.<br />
<br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Tool]]</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Virtual_Village_Project&diff=235472OWASP Virtual Village Project2017-11-15T14:12:27Z<p>Brennan: </p>
<hr />
<div>=Main=<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Virtual_Village<br />
}} <br />
<br />
<br />
Deliverable:<br />
To provide a stable platform of multiple operating systems, Desktop / Servers for Breakers, Defenders and Makers. This will allow them to have a platform where they can build securely and with confidence that the infrastructure will provide them with what they need.<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Virtual Village Project ==<br />
<!---<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span>---><br />
<br />
<!---The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.---><br />
<br />
==Description==<br />
<br />
OWASP Virtual Village has been moved to github. <br />
<br />
https://github.com/OWASP/VirtualVillage <br />
<br />
OWASP Virtual Village provides registered OWASP Members and their approved projects with a virtual machine environment that they can run their projects on for testing purposes. Power and Pipe is donated by [http://www.nyi.net New York Internet] <br />
<br />
{|<br />
|-<br />
|{{#ev:youtube|FCiqIf5h4Mc}}<br />
|}<br />
<br />
<!---<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span>---><br />
<!---The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.--->==Licensing==<br />
<br />
TBD<br />
<br />
<!---<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span>---><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc. <br />
</span>---><br />
<br />
[https://docs.google.com/presentation/d/1zs9LfLBL2BjEYSCqMR3qbmrPNA48xi99SR3dUhSg-nY/edit?usp=sharing Slide Overview]<br />
<br />
Interview<br />
== Project Chapter ==<br />
[http://www.meetup.com/OWASP-NYC/ NYC Metro]<br />
<br />
== Project Leader ==<br />
<!---<span style="color:#ff0000"><br />
A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.<br />
</span>--><br />
<br />
Project leader's name: <br />
<br />
[https://github.com/evinhernandez Evin Hernandez]<br />
<br />
[https://github.com/brennantom Tom Brennan]<br />
<br />
[[Dan.damelio@owasp.org|Dan D'Amelio]]<br />
<br />
[[Shahb@vmware.com|Bhavin Shah]]<br />
<br />
== Related Projects ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span>--><br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" |<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
<br />
20-Sept AppSecUSA Project Summit<br />
<br />
[https://www.nyi.net/media/more/nyi_is_home_to_the_first_owasp_virtual_lab 3 June 2015 Press Release]<br />
<br />
[https://github.com/evinhernandez/VirtualVillage Virtual Village Github]<br />
<br />
[https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-virtual-village-project '''Virtual Village PodCast''': Less than 10 Minutes series.]<br />
|<br />
<!---<span style="color:#ff0000"><br />
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project. <br />
</span>---><!---<br />
* [12 Feb 2013] Support for Spanish is now available with this release.<br />
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!<br />
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.<br />
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.<br />
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product. <br />
--->|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!---<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span>--><br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. <br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. <br />
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. <br />
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.<br />
</span>--><br />
<br />
The first contributors to the project were:<br />
* [https://www.nyi.net/nyi-home-to-first-owasp-virtual-lab/ New York Internet]<br />
* [http://www.nestedx2.com/#!about/c13zq Evin Hernandez]<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan]<br />
* [http://www.njit.edu/ New Jersey Institute of Technology (NJIT)]<br />
*DevPatel<br />
*Komal Patel<br />
* Urvashi Patel<br />
* Robin Reyes (PM)<br />
<br />
==Project Sponsor==<br />
Virtual Village is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]] <br />
<br />
Power and Pipe provided by New York Internet<br />
[[File:Nyi logo large.jpg|left|thumb|172x172px]]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.<br />
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active. <br />
</span>--><br />
<br />
==Roadmap==<br />
<br />
Project Roadmap: consist of A dev / test environment initially taking request via email. Eventually users with be able to sign and and request specific resources correlated to a specific project.<br />
<br />
As of <strong>Nov, 2017, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Obtain software<br />
* Configure and install Software<br />
* Provide access to owasp members and host a few owasp projects.<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>Virtual Village</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Minimum Viable Product=<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.<br />
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. <br />
</span>--><br />
<br />
The Virtual Village Project will provide a platform for members to use and host lab, incubator and flagship projects.<br />
<br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Tool]]</div>Brennanhttps://wiki.owasp.org/index.php?title=November_8,_2017&diff=235109November 8, 20172017-11-06T23:14:35Z<p>Brennan: </p>
<hr />
<div>Meeting Location: <br />
<br />
'''VIRTUAL'''<br />
<br />
https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''AGENDA'''<br />
This is the VIRTUAL packet that is provided to everyone at the same time to review, make comments and be prepared for the meeting. There is no paper handout for the meeting.<br />
<br />
CALL TO ORDER<br />
- Chairman Report<br />
<br />
- Officers Reports<br />
CHANGES TO THE AGENDA<br />
FINAL CALL members of the public for additional items or changes to the proposed agenda. All members of the organization or public will be provided 2 mins to make statements to the board about new business or comments. If a action is requested such as a motion and a vote, the member should get in contact with a board member PRIOR to the meeting so that this can be introduced on the agenda. <br />
<br />
Board members should have posted items (5) days in advance of the board meeting to provide others ample time to review the materials in advance and be ready.<br />
APPROVAL OF MINUTES<br />
- Review and approval of prior [https://docs.google.com/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag prior meeting mins]<br />
<br />
REPORTS<br />
- Staff Action / Accountability Monthly Report<br />
<br />
OWASP Foundation is managed by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors Operations Director] who provides a monthly roll-up report in collaboration of all staff members, contractors and efforts being manged by the [https://www.owasp.org/index.php/About_OWASP#Employees_and_Contractors back office team.] A link to the monthly operational report can be found here: [http://owasp.blogspot.com/2017/01/owasp-operations-update-for-january-2017.html REPORT]<br />
<br />
OLD BUSINESS<br />
<br />
- [https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project Project workflow] (Tracking / Reporting / Management)<br />
NEW BUSINESS<br />
<br />
- Members/Public comments<br />
<br />
-- Sophie Barry GDPR for OWASP -- [https://www.theguardian.com/voluntary-sector-network/2017/may/05/gdpr-charities-prepare-eu-data-protection-changes-consent-fundraising Article] <br />
<br />
-- Andrew van der Stock - Fix Project Balance for the OWASP SAMM project (added by Seba)<br />
* The project asks for the return 3677.22 USD to the SAMM project funds removed on 2-Jan-2017.<br />
* see email http://lists.owasp.org/pipermail/owasp-board/2017-October/018357.html (see attachment)<br />
<br />
-- <$name> purpose<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
- OCMS Status / [https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference Upcoming events]<br />
<br />
- Update Executive Director Search<br />
<br />
- Update Senior Technical Project Coordinator<br />
<br />
<br />
ADJOURNMENT<br />
<nowiki>##</nowiki> Executive Session - Closed to the PUBLIC to start after a (5) min break of the end of the member/public board meeting. <br />
<br />
Purpose: http://www.nonprofitlawblog.com/executive-session-tips/</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Incident_Response_Project&diff=234925OWASP Incident Response Project2017-11-03T20:30:56Z<p>Brennan: </p>
<hr />
<div>=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP_Incident_Response_Project<br />
}} <br />
<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Top 10 Guidance for Incident Response==<br />
<br />
==Audience==<br />
<br />
Breaches happen every day as you learn about them in the news. Is your business prepared? This project provides a proactive approach to Incident Response planning. The intended audience of this document includes business owners to security engineers, developers, audit, program managers, law enforcement & legal council. This guidance should be considered when building a comprehensive approach. This guidance is intends to guide the reader on topics that need to be part of the plan in your organization, this includes those responsible for managing the business and technical risk of the entire organization.<br />
<br />
==Licensing==<br />
<br />
Creative Commons Attribution-NonCommercial-ShareAlike<br />
==Project Sponsor==<br />
OWASP Top 10 Guidance for Incident Response project is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== In Print ==<br />
<br />
[https://www.owasp.org/images/9/92/Top10ConsiderationsForIncidentResponse.pdf Version 1.0 .PDF Version]<br />
<br />
== Presentation ==<br />
<br />
[https://www.owasp.org/images/b/bd/IR_Top_10_Considerations_-_Slides-v2.pdf Slides]<br />
<br />
== Project Leader ==<br />
<br />
[https://www.owasp.org/index.php/User:Brennan Tom Brennan] [http://www.twitter.com/brennantom @brennantom]<br />
<br />
== Version 2.0 ==<br />
Want to help out and make this project BETTER? Add your comments here<br />
[https://docs.google.com/document/d/1TbIwFW_Z1d7jhnQL9vkdBzFtRC1lmHp9JpTXYXyN58A/edit?usp=sharing Version 2.0 GoogleDocs - Add Comments]<br />
<br />
== Related Projects ==<br />
<br />
[https://www.owasp.org/index.php/OWASP_Anti-Ransomware_Guide_Project OWASP Randsomware]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheat Sheets]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security CRS]<br />
<br />
[https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project Web Hacking Incident Database]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
* Release date 12/7/2015 NYC Chapter Meeting<br />
* Malware<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Incident Response Project is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan], [http://www.proactiverisk.com ProactiveRISK]<br />
* Jason Jolo, [http://www.proactiverisk.com ProactiveRISK]<br />
* Jordan Lewis<br />
* <insert your name><br />
* <insert your name><br />
<br />
Want to help? Get in touch with us<br />
<br />
==Others==<br />
* OWASP NYC Metro Chapter<br />
<br />
= Road Map and Getting Involved =<br />
Involvement in the development and promotion of OWASP Incident Response Project is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
<br />
* Proof Reading<br />
* Graphic Design<br />
* Conduct Industry Survey<br />
* Educate local communities<br />
* list of open-source IR tools<br />
* <insert your idea><br />
<br />
=Project About=<br />
{{:Projects/OWASP_Incident_Response_Project}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Cyber_Defense_Matrix&diff=234924OWASP Cyber Defense Matrix2017-11-03T20:30:08Z<p>Brennan: </p>
<hr />
<div>= Main =<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=OWASP_Cyber_Defense_Matrix<br />
}} <br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Introduction to the Cyber Defense Matrix==<br />
Imagine going into a grocery store to shop for Thanksgiving dinner, but instead of seeing nice, orderly aisles, you see a massive pile of food in the middle of the grocery store. Finding the ingredients that you need to make dinner is going to be extremely hard because there’s no organizational system helping you understand where things are. The disorganization makes it very difficult to find what you need and compare competing products.<br />
<br />
The cybersecurity vendor marketplace is like this disorganized grocery store. A proof of this assertion can be seen by looking at the vendor hall at any major security conference. The cacophony of sounds from vendors hawking their wares, the confusing language of the vendor’s marketecture, and the lack of any semblance of organization (aside from biggest to smallest) does not help buyers understand what they need or where to find it.<br />
<br />
Because the cybersecurity community does not use consistent terminology to describe what we need, there is much confusion about what many vendor products actually do. Instead of a clear articulation of a product's capabilities, we are bombarded with overused, trendy jargon that usually leaves us wondering if the product can really solve any of our woes. Some organizations even organize themselves according to the jargon. We need to stop letting marketing pitches dictate our terminology and not lose sight of the more bland descriptors that actually tell us what something does.<br />
<br />
The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.<br />
<br />
Although the Cyber Defense Matrix was initially created to help organize security technologies, many other use cases have been discovered to help build, manage, and operate a security program. This project intends to capture these use cases and their implementations to help security practitioners mature their security programs.<br />
<br />
==Description of the Cyber Defense Matrix==<br />
<br />
The basic construct of the Cyber Defense Matrix starts with two dimensions. The first dimension captures the five operational functions of the NIST Cybersecurity Framework:<br />
{| class="wikitable"<br />
!IDENTIFY<br />
!PROTECT<br />
!DETECT<br />
!RESPOND<br />
!RECOVER<br />
|}<br />
The second dimension captures five assets classes that we try to secure:<br />
{| class="wikitable"<br />
!DEVICES<br />
|-<br />
!APPLICATIONS<br />
|-<br />
!NETWORKS<br />
|-<br />
!DATA<br />
|-<br />
!USERS<br />
|}<br />
When these two dimensions are put into a grid, we arrive at with a five-by-five matrix that we call the “Cyber Defense Matrix.”<br />
<div style="width:100%;border:0,margin:0;">[[File:Cyber Defense Matrix.png|center]]</div><br />
<br />
There is one more important piece of this matrix. At bottom of the grid, we show a continuum that characterizes the degree of dependency on technology, people, and process as we progress through the five operational functions of the NIST Cybersecurity Framework. TECHNOLOGY plays a much greater role in IDENTIFY and PROTECT. As we move to DETECT, RESPOND, and RECOVER, our dependency on TECHNOLOGY diminishes and our dependency on PEOPLE grows. Throughout all five operational functions, there's a consistent level of dependency on PROCESS. This continuum helps us understand where we might have imbalances in our reliance on PEOPLE, PROCESS, and TECHNOLOGY when trying to tackle our cybersecurity challenges.<br />
<br />
We believe that this matrix is a realistic model describes a broad range of cybersecurity practices. In this website, you will find several insights on the Cyber Defense Matrix and examples of how to leverage it to address the challenges that we face in cybersecurity.<br />
<br />
If you discover a new use of the Cyber Defense Matrix, we would love to hear about it. Likewise, if you find a problem with the matrix in that it doesn't seem to properly describe something that we do in cybersecurity, please point that out, and we'll either adjust the matrix or clarify how that perceived discrepancy can be addressed or explained through the matrix.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Presentations and Other Media ==<br />
<br />
[https://www.rsaconference.com/writable/presentations/file_upload/pdil-w02f_understanding_the_security_vendor_landscape...-final.pdf Cyber Defense Matrix Presentation at RSA Conference 2016]<br />
<br />
[[Cyber Defense Matrix Handouts]]<br />
== Project Leader ==<br />
<br />
* [[Sounil@gmail.com|Sounil Yu]]<br />
* [[Tomb@owasp.org|Tom Brennan]]<br />
<br />
== Mailing List: ==<br />
[https://lists.owasp.org/mailman/listinfo/owasp_cyber_defense_matrix owasp_cyber_defense_matrix@lists.owasp.org]<br />
<br />
== FAQs ==<br />
* TBD<br />
<br />
== Roadmap ==<br />
* Document structure of the Cyber Defense Matrix (July 2017)<br />
* Map vendors to the Cyber Defense Matrix (September 2017 and ongoing)<br />
* Map NIST NICE NCWF skillsets to the Cyber Defense Matrix (September 2017)<br />
* Define attributes that can support measurement of efficacy of capability (December 2017 and ongoing)<br />
* Define Design Patterns and Business Constraints aligned against the Cyber Defense Matrix (June 2018 and ongoing)<br />
* Capture anecdotal and empirical measurements of capability degradation rates (December 2018)<br />
* Incorporate and document new use cases as they are discovered (Ongoing)<br />
<br />
== Related Projects ==<br />
* TBD<br />
<br />
== Licensing ==<br />
The Cyber Defense Matrix, originally created by Sounil Yu, is licensed under the http://creativecommons.org/licenses/by-sa/4.0/ Creative Commons Attribution-ShareAlike 4.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== MAILING LIST ==<br />
* [https://lists.owasp.org/mailman/listinfo/owasp_cyber_defense_matrix CLICK TO JOIN]<br />
<br />
== News and Events ==<br />
<br />
* [01 May 2017] Project updated<br />
* [26 June 2017] Update<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
= FAQs =<br />
<br />
== How can I participate in your project? ==<br />
Join the mailing list, say hello! <br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. <br />
<br />
= Roadmap =<br />
* Document structure of the Cyber Defense Matrix (July 2017)<br />
* Map vendors to the Cyber Defense Matrix (September 2017 and ongoing)<br />
* Map NIST NICE NCWF skillsets to the Cyber Defense Matrix (September 2017)<br />
* Define attributes that can support measurement of efficacy of capability (December 2017 and ongoing)<br />
* Define Design Patterns and Business Constraints aligned against the Cyber Defense Matrix (June 2018 and ongoing)<br />
* Capture anecdotal and empirical measurements of capability degradation rates (December 2018)<br />
* Incorporate and document new use cases as they are discovered (Ongoing)<br />
<br />
= Contributors =<br />
<br />
Everyone is invited to collaborate on this project.<br />
= Events and Opportunities to Get Involved =<br />
April 5th 2017 project announced publicly at the [https://www.meetup.com/owaspnyc/events/236400067/ OWASP NYC Chapter Meeting] call for DATA is OPEN<br />
<br />
June 2017 - Project Submitted and Approved by OWASP Foundation, page online<br />
<br />
July 2017 - Planning for BlackHat/Defcon Face to Face Meet-Up<br />
<br />
Aug 2017 - <Summer Hiatus><br />
<br />
Sept 2017 - AppSecUSA Project Summit<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Document]]</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_RFP-Criteria&diff=234923OWASP RFP-Criteria2017-11-03T20:29:27Z<p>Brennan: change</p>
<hr />
<div><br />
<br />
=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=RFP_CRITERA<br />
}} <br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP RFP Criteria==<br />
The purpose of this project is to simply provide an objective list of important set of questions companies should utilize when they issue a Request For Proposal for Web Application Security Projects.<br />
<br />
A Request For Proposal, (RFP) is a call made by an organization soliciting for bids by service providers or vendors to meet a need and it is often done by documents.<br />
<br />
The information provided in RFPs are important and when you create an RFP for an Application Security Verification project , emphasis should be on providing clear information about the scope of verification activities and evaluation criteria so prospective service providers and vendors can submit proposals that are comparable.<br />
<br />
You also need to provide adequate background information about the company soliciting for bids and other relevant information that can ensure that the project life cycle is successful. Also it is important that prospective service providers or vendors provide detailed information that helps the client to make an informed decision on who is the best fit for the project. <br />
<br />
Usually this information may include standard questions such as proposed Application Security Verification Methodologies for defined tasks, relevant project experience etc. Others may include Security Coverage, Risk Evaluation Process , Reporting Techniques etc.<br />
<br />
We outline in subsequent sections detailed information that should be provided for each application that is subject to verification in an Application Security Verification project.<br />
<br />
==Audience==<br />
<br />
The project is written to raise visibility for software security related questions that buyers of services should consider when issuing a request for quote as example or in procurement process. Supply chain management as noted by DHS referring this project [https://buildsecurityin.us-cert.gov/swa/forums-and-working-groups/acquisition-and-outsourcing DHS SWA]<br />
<br />
==Licensing==<br />
<br />
The OWASP RFP Criteria Project and project components is licensed under '''https://creativecommons.org/licenses/by-nc-sa/3.0/''' , the Creative Commons Attribution-NonCommercial-ShareAlike license. This implies that you must give appropriate credit , provide a link to the license and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. Also note that the material cannot be used for commercial purpose and if you transform or build on the material , you are required to distribute your contributions under the same license as the original.<br />
<br />
==Project Sponsor==<br />
OWASP RFP Criteria project is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== In Print ==<br />
<br />
See below<br />
<br />
[https://www.owasp.org/images/a/a3/OWASP_RFP_Best_Pract.pdf OWASP RFP CRITERIA]<br />
<br />
== Presentation ==<br />
<br />
See Below.<br />
<br />
[https://www.owasp.org/images/1/10/OWASP_RFP.pptx OWASP RFP CRITERIA Presentation]<br />
<br />
== Project Leader ==<br />
<br />
[https://www.owasp.org/index.php/User:Brennan Tom Brennan] [http://www.twitter.com/brennantom @brennantom]<br />
<br />
== Version 2.0 ==<br />
Want to help out and make this project BETTER? Add your comments here<br />
[https://docs.google.com/document/d/17_CrTAmhaump4C-I2-zH-lllmFWkP3GscHkKo86z_wM/edit?usp=sharing Version 2.0 GoogleDocs - Add Comments]<br />
<br />
== Related Projects ==<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series OWASP Cheat Sheets]<br />
<br />
[https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project OWASP Mod_Security CRS]<br />
<br />
[https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project Web Hacking Incident Database]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
<br />
== News and Events ==<br />
* Release date 1/27/2015 NJ Chapter Meeting<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Incident Response Project is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan], [http://www.proactiverisk.com ProactiveRISK]<br />
* Jason Jolaoso, [http://www.proactiverisk.com ProactiveRISK]<br />
* Jeff Williams<br />
* Mike Esposito<br />
* <insert your name><br />
<br />
Want to help? Get in touch with us<br />
<br />
==Others==<br />
* OWASP NYC Metro Chapter<br />
<br />
= Road Map and Getting Involved =<br />
Involvement in the development and promotion of OWASP RFP Criteria Project is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
<br />
* Proof Reading<br />
* Graphic Design<br />
* Conduct Industry Survey<br />
* Educate local communities<br />
* list of open-source IR tools<br />
* <insert your idea><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
====== OLD TEMPLATE BELOW THIS (WE ARE UPGRADING IT COME BACK LATER ;) ======<br />
<br />
==== Project Details ====<br />
{{:Projects/RFP-Criteria | Project About}}<br />
<br />
[http://www.proactiverisk.com http://www.owasp.org/images/7/71/Proactiverisk.jpg]<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP RFP-Criteria|RFP-Criteria]]<br />
<br />
==== Main ====<br />
The information in this document will help you to create a standard , detailed RFP for Application Security Verification projects that service providers or vendors can work with to submit relevant comparable proposals for an organization.<br />
<br />
<br />
__TOC__<br />
<br />
=Application Security Verification.=<br />
==Recommended Information the Client (your Organization) should provide to Service Providers/Vendors.==<br />
<br />
1. '''Lines of code.''' Lines of Code (LOC) or sometimes referred to as Source Lines of Code (SLOC) is a prerequisite for any verification task that involves the review of source code. This software metric (LOC) provides information about the scale of the program under review. There are software packages on the public domain such as LocMetrics on http://locmetrics.com or CLOC on http://cloc.sourceforge.net/ which can be used to count the number of lines of code. Additional information about LOC such as if the count included commented source code or not is also beneficial<br />
<br />
2.'''Number of dynamic pages.''' Information about the number of dynamic pages is advisable as it provides insights about the scale of the application under assessment. It is important for verification efforts that involved manual penetration testing. When estimating the amount of dynamic pages , pay attention to pages with unique functionality or purpose. If you have urls like:<br/><br />
i. /display_results.php?rs=1 , <br/><br />
ii. /display_results.php?rs=2 ,<br/> <br />
iii./display_results.php?rs=3 , <br/><br />
<br />
you need to ensure that you confirm if they refer to a single unique dynamic page or not<br />
<br />
3. '''An Inventory of user roles and role descriptions.''' The catalog of user roles is endorsed for all verification efforts as it furnishes business context for vulnerabilities (if any) established.<br />
<br />
4. '''Brief Application Summary and Application architecture.''' This is mission critical for applications with non-standard architectures such as those using thick clients, web services or integration with legacy systems but not so paramount for applications with a standard web application architecture (web server, application server, database server setup).<br />
<br />
5.'''Degree of verification expected .''' To manage or prevent suppliers providing erratic bids that vary in figures or timelines ,There is a need to provide definitive guidance on the level of verification desired. This should include requirements for or on: <br/><br />
a. Dynamic vulnerability scanning. <br/><br />
b. Manual code review. <br/><br />
c. Manual penetration testing. <br/><br />
d. Static analysis. <br/><br />
e. Security architecture review. <br/><br />
f. Malicious code analysis. <br/><br />
g. Threat modeling.<br />
<br />
6. '''The frequency or duration for performing verification.''' It is important to indicate if you want a single verification exercise or if you want several many verification exercises executed within a specified time-frame.<br />
<br />
==Recommended RFP Questions (Responses are made by Service Providers/Vendors to Client).==<br />
<br />
=== Company Background.===<br />
a. Summarize the product(s) or service(s) provided by your company.<br />
<br />
b. How long has your company been providing products or services relevant to this project? Please provide any relevant information about major milestones such as significant acquisitions , mergers or the introduction or elimination of relevant lines of business.<br />
<br />
c. Please provide succinct information your past experience with applications of a similar scope, complexity, and vertical as the applications to be verified in this project.<br />
<br />
d. Outline your familiarity and experience with the frameworks, libraries,languages and other relevant technologies that comprise the applications to be verified.<br />
<br />
e. Are you involved with organizations or stakeholders in the application security community, such as the '''Open Web Application Security Project (OWASP)''' and the '''Web Application Security Consortium (WASC)'''? if yes , what roles do you play ?<br />
<br />
f. Provide other helpful background information about your organization and your qualification to supply the required product/service.<br />
<br />
=== Application Security Verification Methodology.===<br />
a. Outline , in clear details your proposed methodology for all the verification techniques to be utilized:<br />
i. Dynamic vulnerability scanning.<br/><br />
ii. Malicious code analysis.<br/><br />
iii. Manual code review.<br/><br />
iv. Manual penetration testing.<br/><br />
v. Security architecture review.<br/><br />
vi. Static analysis.<br/><br />
vii. Threat modeling.<br/><br />
<br />
b. What would you require from the client to prepare for and successfully execute an application verification exercise ?<br />
<br />
c. Would you be using multiple techniques for this project ? If yes how will you combine these in the verification exercise?<br />
<br />
d. Describe your proposed level of communication/ interaction with software development teams , security experts, and business process owners during the verification process.<br />
<br />
===Security Coverage.===<br />
a. Explain the vulnerability and security control coverage that is provided by your verification efforts. Where relevant , supply references to the OWASP ASVS,[http://projects.webappsec.org/Threat-Classification WASC 24] Broad Classes of Attacks, and the [http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top 10]<br />
<br />
b. Provide the different levels of efforts that you will provider for the verification effort. What are the differences in security coverage between these levels?<br />
<br />
c. Presently , are you able to test (precisely) for Cross-Site Request Forgery (CSRF) and HTTP Response Splitting?<br />
<br />
d. What are potential gaps in coverage for the current proposal and what steps would you take to mitigate the gaps?<br />
<br />
e. Does your solution meet current PCI 6.6 standards?<br />
<br />
<br />
===Application Coverage.===<br />
a. How effectively does your product/service baseline an application?<br />
<br />
b. How do you adjust your product/service to verify an application most effectively?<br />
<br />
c. What methods or techniques do you use to ensure coverage of the entire application?<br />
<br />
d. How do you corroborate with a customer that you are providing accurate coverage of the targeted application?<br />
<br />
e. What potential gaps (if any) exists between your proposed solution and the platform and architecture of the application under verification? A case in point - if the target application contains both web pages and web services and your testing does not cover web services this would indicate a gap.<br />
<br />
<br />
===Risk Evaluation.===<br />
a. Outline your risk evaluation process for establishing the probable vulnerabilities you might discover and it’s business impact.<br />
<br />
b. What is your procedure for managing the reporting of false positives?<br />
<br />
c. Outline your procedures for categorizing similar risks for easy absorption and rectification.<br />
<br />
===Differentiators.===<br />
a. What aspect of the verification process do you find most challenging ( if any )?<br />
<br />
b. Tell us why your approach towards this project is exceptional or singular. How and why is this important to the client?<br />
<br />
===Scope.===<br />
a. What are the time estimates for implement your product/service in a similar verification exercise?<br />
<br />
b. How does the proposed solution scale for multiple websites?<br />
<br />
c. What are the advised steps for curtailing the impact of testing on the performance of applications during the testing process?<br />
<br />
d. Indicate if your product or service provisions for on-demand / ad hoc testing.<br />
<br />
e. What is the lead time required to initiate testing?<br />
<br />
===Security.===<br />
<br />
a. What are your procedures for protecting client’s information made available to you? Outline in detail your network security, information storage security, and need-to-know policy.<br />
<br />
b. Describe the level of confidence you have in staff that would have access to our information in this project.<br />
<br />
c. Outline the techniques and policies for information exchange between you (the vendor)and us(the client)during this exercise.<br />
<br />
d. Describe your procedure for deleting and purging information from your systems at the completion of this project.<br />
<br />
e. How would you compartmentalize our information from the risk information belonging to your other clients?<br />
<br />
f. Outline (with tangible evidence) that your systems and network is protected from attacks.<br />
<br />
===Burden.===<br />
a. Outline any resource (human) requirements from our organization. This should include technical/operational skill sets and experience.<br />
<br />
b. Specify in details the requirements you require from us to execute the verification exercise.<br />
<br />
===Reporting Interface.===<br />
<br />
a. Outline your risk documentation structure. This should include:<br />
i. The Title. <br/><br />
ii. The Location (URL and/or line of code).<br/><br />
iii. Specific vulnerability description.<br/><br />
iv. Risk likelihood, business impact, and severity.<br/><br />
v. Code snippets.<br/><br />
vi. Specific remediation recommendations.<br/><br />
<br />
b. Explain the risk model you utilize . How can it be customized to meet your client’s standards and expectations ?<br />
<br />
c. Explain your reporting interface employing criteria such as the learning curve, how reporting components are structured, etc.<br />
<br />
d. How do you or your product or services deliver (important) updates on new identified web application risks? <br />
<br />
e. What trend and historical reports do you provide that monitor identified/open/closed risks and the ongoing remediation exercise?<br />
<br />
f. Is it possible to generate status reports to show the risk status of separate web applications, and the overall security health of all web applications?<br />
<br />
g. Are these reports customizable for different stakeholders i.e management.<br />
<br />
h. Do you have any standard scripts or standard integration that are bundled with your solution? If yes indicate the applications.<br />
<br />
i. Do your reports provide specific directions for application developers, attuned to the exact problem in the code?<br />
<br />
j. What is your process for timely and reliable reporting of risks for stakeholders?<br />
<br />
k. How often is your reporting interface updated? What process do you follow for this updates?<br />
<br />
l. What benchmark exists for developers to know if they have successfully re-mediated a risk?<br />
<br />
===Innovation.===<br />
a. Are there any recent innovations or products your firm has delivered that has resulted in improved service delivery for clients?<br />
<br />
b. What is your process for identifying new categories of vulnerabilities and test for this?<br />
<br />
c. What is your process of identifying new attack techniques that can be used to exploit known vulnerabilities ?<br />
<br />
d. What is your process for testing new technologies (e.g. new versions of Flash) for vulnerabilities?<br />
<br />
===Integration.===<br />
a. What are the standard data formats your product/service produce or export?<br />
<br />
b. What other relevant technologies (for example, Firewall Applications) does your product/service integrate with? <br />
<br />
c. How will the integration work and what benefits will they bring?<br />
<br />
===Benefits.===<br />
a. How can you increase the efficiency of the remediation process?<br />
<br />
b. In your opinion , what is the balance of internal and external resources in an ideal application security program?<br />
<br />
c. Can you provide precise results and diminish/eliminate false positives ?<br />
<br />
d. Can provide a proof of concept for a positive Return on Investment (ROI) and an increase in benefits to management?<br />
<br />
e. Do you have the capacity to influence secure coding techniques / reduce time spent debugging? If yes , How?<br />
<br />
f. Outline the technical and business advantage we would gain from working with you in this project.<br />
<br />
===Supporting Services.===<br />
a. Explain any knowledge transfer process or procedure i.e training , platforms etc you will provide with the verification effort.<br />
<br />
b. What remediation support do you provide to software development teams?<br />
<br />
===Client Support Details.===<br />
a. Outline your client or customer support framework . What are the of support levels you provide and what are the escalation procedures?<br />
<br />
b. Do provide a ticket raising and tracking system ? How are your open tickets tracked and closed?<br />
<br />
c. What Service Level Agreement(SLA) do you offer ?<br />
<br />
===Pricing/Licensing Information.===<br />
a. What terms or conditions are linked to the product or service ?Do you have a sample Software License Agreement we can review ?<br />
<br />
b. Describe clearly your proposed pricing model.<br />
<br />
c. Outline clearly other cost implications which are attached to this bid and requires our attention.<br />
<br />
d. Do you provide pro-bono training or consulting services or attach costs to them ? If yes what are the charges attached to them?</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_HTTP_Post_Tool&diff=234922OWASP HTTP Post Tool2017-11-03T20:28:31Z<p>Brennan: </p>
<hr />
<div>__NOTOC__<br />
<br />
<br />
=Main=<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Switch_Blade<br />
}} <br />
<br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Switchblade 4.0 ==<br />
<br />
==Introduction==<br />
<br />
OWASP Switchblade is a denial of service tool used for testing the availability, performance and capacity planning of a web application to be proactive about this type of risk condition<br />
<br />
==Description==<br />
<br />
The projected started in early 2000 as a way to test the capacity of simultaneous users connected to a web application and was not public tool. In 2010 the tool was created by [http://www.proactiverisk.com ProactiveRISK] to educate the OWASP Community about the Denial of Service conditions that can exist with Layer7<br />
<br />
Watch the [https://youtu.be/lYQFF4Ki8_s LIVE DEMO] Video<br />
<br />
==Licensing==<br />
OWASP Switchblade is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Switchblade ==<br />
<br />
OWASP Switchblade provides (3) different types of denial of service conditions that can be tested from a single machine<br />
<br />
* SSL Half Connect<br />
* HTTP Post Attack<br />
* Slowloris<br />
<br />
== Presentation ==<br />
<br />
Link to [http://www.owasp.org/images/4/43/Layer_7_DDOS.pdf presentation]<br />
<br />
== Project Leader ==<br />
<br />
[http://www.proactiverisk.com Tom Brennan]<br />
<br />
== Related Projects ==<br />
[https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
* [https://drive.google.com/file/d/0B2KpD4S8_DdReFJCUVJpaXhKSUU/view?usp=sharing Windows Installer] <br><br />
* [https://github.com/proactiveRISK/ddos-toolbox GITHUB]<br />
<br />
== Email List ==<br />
<br />
N/A<br />
<br />
== News and Events ==<br />
* March 27th 2017 added .ZIP file<br />
<br />
== In Print ==<br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}</div>Brennanhttps://wiki.owasp.org/index.php?title=OWASP_Virtual_Village_Project&diff=234921OWASP Virtual Village Project2017-11-03T20:27:26Z<p>Brennan: </p>
<hr />
<div>=Main=<br />
<br />
{{#widget:PayPal Donation<br />
|target=_blank<br />
|budget=Virtual_Village<br />
}} <br />
<br />
<br />
Deliverable:<br />
To provide a stable platform of multiple operating systems, Desktop / Servers for Breakers, Defenders and Makers. This will allow them to have a platform where they can build securely and with confidence that the infrastructure will provide them with what they need.<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Virtual Village Project ==<br />
<!---<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span>---><br />
<br />
<!---The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.---><br />
<br />
==Description==<br />
<br />
OWASP Virtual Village has been moved to github. <br />
<br />
https://github.com/OWASP/VirtualVillage <br />
<br />
OWASP Virtual Village provides registered OWASP Members and their approved projects with a virtual machine environment that they can run their projects on for testing purposes. Power and Pipe is donated by [http://www.nyi.net New York Internet] <br />
<br />
{|<br />
|-<br />
|{{#ev:youtube|FCiqIf5h4Mc}}<br />
|}<br />
<br />
<!---<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span>---><br />
<!---The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.--->==Licensing==<br />
<br />
TBD<br />
<br />
<!---<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span>---><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc. <br />
</span>---><br />
<br />
[https://docs.google.com/presentation/d/1zs9LfLBL2BjEYSCqMR3qbmrPNA48xi99SR3dUhSg-nY/edit?usp=sharing Slide Overview]<br />
<br />
Interview<br />
== Project Chapter ==<br />
[http://www.meetup.com/OWASP-NYC/ NYC Metro]<br />
<br />
== Project Leader ==<br />
<!---<span style="color:#ff0000"><br />
A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.<br />
</span>--><br />
<br />
Project leader's name: <br />
<br />
[https://github.com/evinhernandez Evin Hernandez]<br />
<br />
[https://github.com/brennantom Tom Brennan]<br />
<br />
Dan D'Amelio<br />
<br />
Bhavin Shah<br />
<br />
== Related Projects ==<br />
<!---<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span>--><br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" |<br />
|}<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== News and Events ==<br />
<br />
20-Sept AppSecUSA Project Summit<br />
<br />
[https://www.nyi.net/media/more/nyi_is_home_to_the_first_owasp_virtual_lab 3 June 2015 Press Release]<br />
<br />
[https://github.com/evinhernandez/VirtualVillage Virtual Village Github]<br />
<br />
[https://soundcloud.com/owasp-podcast/less-than-10-minutes-series-virtual-village-project '''Virtual Village PodCast''': Less than 10 Minutes series.]<br />
|<br />
<!---<span style="color:#ff0000"><br />
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project. <br />
</span>---><!---<br />
* [12 Feb 2013] Support for Spanish is now available with this release.<br />
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!<br />
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.<br />
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.<br />
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product. <br />
--->|}<br />
<br />
=FAQs=<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!---<span style="color:#ff0000"><br />
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'<br />
</span>--><br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. <br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. <br />
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. <br />
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.<br />
</span>--><br />
<br />
The first contributors to the project were:<br />
* [https://www.nyi.net/nyi-home-to-first-owasp-virtual-lab/ New York Internet]<br />
* [http://www.nestedx2.com/#!about/c13zq Evin Hernandez]<br />
* [https://www.owasp.org/index.php/User:Brennan Tom Brennan]<br />
* [http://www.njit.edu/ New Jersey Institute of Technology (NJIT)]<br />
*DevPatel<br />
*Komal Patel<br />
* Urvashi Patel<br />
* Robin Reyes (PM)<br />
<br />
==Project Sponsor==<br />
Virtual Village is sponsored by [http://www.proactiverisk.com ProactiveRISK Inc.].<br />
<br />
[[File:Proactiverisk_logo_v2.jpg | link=http://www.proactiverisk.com]] <br />
<br />
Power and Pipe provided by New York Internet<br />
[[File:Nyi logo large.jpg|left|thumb|172x172px]]<br />
<br />
= Road Map and Getting Involved =<br />
<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.<br />
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active. <br />
</span>--><br />
<br />
==Roadmap==<br />
<br />
Project Roadmap: consist of A dev / test environment initially taking request via email. Eventually users with be able to sign and and request specific resources correlated to a specific project.<br />
<br />
As of <strong>May, 2016, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Obtain software<br />
* Configure and install Software<br />
* Provide access to owasp members and host a few owasp projects.<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>Virtual Village</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Minimum Viable Product=<br />
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--><br />
<!--<span style="color:#ff0000"><br />
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.<br />
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. <br />
</span>--><br />
<br />
The Virtual Village Project will provide a platform for members to use and host lab, incubator and flagship projects.<br />
<br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Builders]] <br />
[[Category:OWASP_Defenders]] <br />
[[Category:OWASP_Tool]]</div>Brennan