=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |


Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.


==OWASP Tool Project Template==

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.


The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

==Description==

This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.


The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

Contextual custom dictionary builder with character substitution and word variations for pen-testers

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.


[https://github.com/SamanthaGroves Installation Package]

[https://github.com/SamanthaGroves Source Code]

[https://github.com/SamanthaGroves What's New (Revision History)]

[https://github.com/SamanthaGroves Documentation]

[https://github.com/SamanthaGroves Wiki Home Page]

[https://github.com/SamanthaGroves Issue Tracker]

[https://github.com/SamanthaGroves Slide Presentation]

[https://github.com/SamanthaGroves Video]

== Project Leader ==

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.


Project leader's name

== Related Projects ==

This is where you can link to other OWASP Projects that are similar to yours.

* [[OWASP_Code_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

* [12 Feb 2013] Support for Spanish is now available with this release.
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

|}

=FAQs=



Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==



The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.


The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] who created the OWASP Cornucopia project that the template was derived from
* [https://www.owasp.org/index.php/User:Chuck_Cooper Chuck Cooper] who edited the template to convert it from a documentation project to a Tool Project Template
* '''YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES'''

= Road Map and Getting Involved =



A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.


==Roadmap==
As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Tool Project Template
* Get other people to review the Tool Project Template and provide feedback
* Incorporate feedback into changes in the Tool Project Template
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
Involvement in the development and promotion of Tool Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the Tool Project Template into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Minimum Viable Product=


This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.


The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=
Addtional Instructions for making changes:

The About 'tab' on that page is done with a MediaWiki template. If you log into the wiki page for your project and click the "Edit" button/link/tab in the top-right between 'Read' and 'View History', you'll see the edit page for the main body of your project page.

If you scroll down below the form to edit that page (below the "Save page", "Show preview", "Show changes" buttons, you'll see some text with a triangle in front of it reading "Templates used on this page:" A list will expand if you click on the triangle/text to show the templates that make up this page. The one you want is the "Projects/OWASP Example Project About Page" - click the (edit) next to this to edit that template. The direct link is: https://www.owasp.org/index.php?title=Projects/OWASP_Example_Project_About_Page&action=edit

The template takes 'input' that are key/value pairs where you'll need to edit the stuff after the equals (=) like:
project_name =Place your project name here.

You'd edit the bold bit.



This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


{{:Projects/OWASP_Example_Project_About_Page}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]

OWASP Honeypot Project

2018-04-30T12:35:21Z

Claudia casanovas: Created page with "Main Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of..."

Main

Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.

OWASP Tool Project Template

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.

The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

Description

This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.

The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

Contextual custom dictionary builder with character substitution and word variations for pen-testers

Licensing

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see OWASP Licenses. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.

This program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

Project Resources

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.

Installation Package

Source Code

What's New (Revision History)

Documentation

Wiki Home Page

Issue Tracker

Slide Presentation

Video

Project Leader

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.

Project leader's name

Related Projects

This is where you can link to other OWASP Projects that are similar to yours.

OWASP_Code_Project_Template
OWASP_Documentation_Project_Template

Classifications

News and Events

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

[12 Feb 2013] Support for Spanish is now available with this release.
[11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!
[18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
[20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
[30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

FAQs

Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. The point of a document like this are the answers. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'

How can I participate in your project?
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

Acknowledgements
Contributors

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.

The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project were:

Colin Watson who created the OWASP Cornucopia project that the template was derived from
Chuck Cooper who edited the template to convert it from a documentation project to a Tool Project Template
YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES

Road Map and Getting Involved

A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.

Roadmap
As of November, 2013, the highest priorities for the next 6 months are:

Complete the first draft of the Tool Project Template
Get other people to review the Tool Project Template and provide feedback
Incorporate feedback into changes in the Tool Project Template
Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add

Internationalization Support
Additional Unit Tests
Automated Regression tests

Getting Involved
Involvement in the development and promotion of Tool Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

Coding
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
Localization
Are you fluent in another language? Can you help translate the text strings in the Tool Project Template into that language?
Testing
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
Feedback
Please use the Tool Project Template project mailing list for feedback about:

What do like?
What don't you like?
What features would you like to see prioritized on the roadmap?

Minimum Viable Product

This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.

The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

Project About
Addtional Instructions for making changes:

The About 'tab' on that page is done with a MediaWiki template. If you log into the wiki page for your project and click the "Edit" button/link/tab in the top-right between 'Read' and 'View History', you'll see the edit page for the main body of your project page.

If you scroll down below the form to edit that page (below the "Save page", "Show preview", "Show changes" buttons, you'll see some text with a triangle in front of it reading "Templates used on this page:" A list will expand if you click on the triangle/text to show the templates that make up this page. The one you want is the "Projects/OWASP Example Project About Page" - click the (edit) next to this to edit that template. The direct link is: https://www.owasp.org/index.php?title=Projects/OWASP_Example_Project_About_Page&action=edit

The template takes 'input' that are key/value pairs where you'll need to edit the stuff after the equals (=) like:
project_name =Place your project name here.

You'd edit the bold bit.

This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project

PROJECT INFO What does this OWASP project offer you?
RELEASE(S) INFO What releases are available for this project?

what
is this project?

Name: OWASP SecureTea Tool Project

Purpose: The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.

License: OWASP SecureTea Project is free software, released under the GNU GPL v3 License.

who
is working on this project?

Project Leader(s):
Gustavo Nieves Arreaza @

how
can you learn more?

Project Pamphlet: Not Yet Created

Project Presentation:

Mailing list: N/A

Project Roadmap: Not Yet Created

Key Contacts

Contact Gustavo Nieves Arreaza @ to contribute to this project

Contact Gustavo Nieves Arreaza @ to review or sponsor this project

Contact the GPC to report a problem or concern about this project or to update information.

current release

1.0

last reviewed release

1.0

other releases

Talk:OWASP WASC Distributed Web Honeypots Project

2018-04-30T12:33:47Z

2018-04-13T00:14:40Z

Claudia casanovas: /* OWASP Tool Project Template */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.


==OWASP Tool Project Template==

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.


The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

DevSecOps Studio is one of its kind, self contained DevSecOps environment/distribution to help individuals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started, mostly automatic and battle tested during our Free Practical DevSecOps Course

DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning/teaching DevSecOps practices.

Features:

Easy to setup environment with just one command “vagrant up”

Teaches Security as Code, Compliance as Code, Infrastructure as Code

With built-in support for CI/CD pipeline

OS hardening using ansible

Compliance as code using Inspec

QA security using ZAP, BDD-Security and Gauntlt

Static tools like bandit, brakeman, windbags, gitrob, gitsecrets

Security Monitoring using ELK stack.

==Description==

This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.


The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

Contextual custom dictionary builder with character substitution and word variations for pen-testers

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.


[https://github.com/SamanthaGroves Installation Package]

[https://github.com/SamanthaGroves Source Code]

[https://github.com/SamanthaGroves What's New (Revision History)]

[https://github.com/SamanthaGroves Documentation]

[https://github.com/SamanthaGroves Wiki Home Page]

[https://github.com/SamanthaGroves Issue Tracker]

[https://github.com/SamanthaGroves Slide Presentation]

[https://github.com/SamanthaGroves Video]

== Project Leader ==

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.


Project leader's name

== Related Projects ==

This is where you can link to other OWASP Projects that are similar to yours.

* [[OWASP_Code_Project_Template]]
* [[OWASP_Documentation_Project_Template]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

* [12 Feb 2013] Support for Spanish is now available with this release.
* [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!
* [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
* [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

|}

=FAQs=



Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'


==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==



The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.


The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project [https://github.com/OWASP/Security-Principles/graphs/contributors contributors is found here].

The first contributors to the project were:

* [https://www.owasp.org/index.php/User:Clerkendweller Colin Watson] who created the OWASP Cornucopia project that the template was derived from
* [https://www.owasp.org/index.php/User:Chuck_Cooper Chuck Cooper] who edited the template to convert it from a documentation project to a Tool Project Template
* '''YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES'''

= Road Map and Getting Involved =



A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.


==Roadmap==
As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Tool Project Template
* Get other people to review the Tool Project Template and provide feedback
* Incorporate feedback into changes in the Tool Project Template
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
Involvement in the development and promotion of Tool Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the Tool Project Template into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Minimum Viable Product=


This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.


The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=
Addtional Instructions for making changes:

The About 'tab' on that page is done with a MediaWiki template. If you log into the wiki page for your project and click the "Edit" button/link/tab in the top-right between 'Read' and 'View History', you'll see the edit page for the main body of your project page.

If you scroll down below the form to edit that page (below the "Save page", "Show preview", "Show changes" buttons, you'll see some text with a triangle in front of it reading "Templates used on this page:" A list will expand if you click on the triangle/text to show the templates that make up this page. The one you want is the "Projects/OWASP Example Project About Page" - click the (edit) next to this to edit that template. The direct link is: https://www.owasp.org/index.php?title=Projects/OWASP_Example_Project_About_Page&action=edit

The template takes 'input' that are key/value pairs where you'll need to edit the stuff after the equals (=) like:
project_name =Place your project name here.

You'd edit the bold bit.



This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


{{:Projects/OWASP_Example_Project_About_Page}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

2018-03-21T20:03:04Z

Claudia casanovas:

__NOTOC__

Summary of Funding Requests that are sourced from the Foundation's OWASP On The Move 'Community Engagement' Budget, or, from Chapters or Projects with Budgets who have graciously and generously donated a portion of their own budget to assist under-funded chapters & projects in the OWASP Community.

This page contains the original request and its status. For questions on how this funding is approved or how to request funding, visit: the [[Funding|OWASP Funding]] page. Note only WIKI Admins can edit this page.

=2017 Community & Project Engagement Payments=
==2017 Community Engagement Allocations / Payments==

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="190" | Name (Requester)
! scope="col" width="450" | Chapter/Project Name
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Approved Amt
! scope="col" width="80" | Funding Request #
! scope="col" width="100" | Funded From
! scope="col" width="100" | Paid Amt & Reimbursement #
|-
|12/21/17
|Volodymyr Styran
|OWASP Kyiv
|Chapter Meetings
|399.6
|378
|Chapter Outreach
|Approved
|-
|11/21/17
|Dawn Aitken
|Co-Marketing Agreement #1572
|IoT Tech Expo North America - #1572 - flyers and shipping
|$102.40
|N/A
|Event Outreach
|Approved
|-
|11/16/17
|Prashant Kv
|OWASP Bangalore
|Children's track at Null Con
|$1,000
|266
|Chapter Outreach
|
|-
|11/14/17
|Takaharu Ogasa
|OWASP Hokushinetsu
|Bring a speaker to the chapter
|$337.34
|261
|Chapter Outreach
|
|-
|11/8/17
|Apollin Moyo
|OWASP Cotonou
|Bring a trainer to teach an Opensource security project
|$1,000
|n/a
|Chapter Outreach
|
|-
|11/02/17
|Satyam Rastogi
|OWASP Kumaun Region
|owasp kumaum meet 2017
|$1,000
|142
|Chapter Outreach
|
|-
|9/29/17
|Dawn Aitken
|Co-marketing Agreement #1623
|EDGE2017 - flyers and shipping cost
|$53.38
|N/A
|Event Outreach
|Approved
|-
|8/23/17
|Ade Yoseman Putra
|OWASP Jakarta
|OWASP Jakarta Chapter
|$500
|
|Chapter Outreach
|
|-
|7/27/17
|Andrew Smith
|OWASP Knoxville
|Chapter meetings
|$500
|117
|Chapter Outreach
|
|-
|7/10/17
|Janine Medina
|OWASP Brooklyn
|Represent at Defcon (x2)
|$1000 ($500 each)
|114
|
|
|-
|6/29/17
|Ankit Dixit
|OWASP Varanasi
|Camera to film meetings
|$200
|101
|Chapter Outreach
|
|-
|6/29/17
|Markus Örebrand
|OWASP Northern Sweden
|Bring in a speaker
|$400
|100
|Chapter Outreach
|
|-
|6/29/17
|Harsh Bothra
|OWASP Jaipur
|OWASP Chapter Event
|$500
|108
|Chapter Outreach
|
|-
|6/29/17
|Urvin Mistry
|OWASP Surat
|OWASP Chapter meetings and swag
|$500
|0110
|Chapter Outreach
|Approved
|-
|6/27/17
|Prashant Venkatesh
|OWASP Bangalore
|OWASP track at c0c0n
|$1,000.00
|106
|Chapter Outreach
|Approved
|-
|6/12/17
|Dawn Aitken
|Co-Marketing Agreement - #1504
|Goto Amsterdam - swag and shipping - pens, stickers, stress balls, bee beanies, notepads, drawstring backpacks, flyers
|$422.02
|N/A
|Event Outreach
|Approved
|-
|6/7/17
|Dawn Aitken
|Co-Marketing Agreement - #1532
|BSides London - swag and shipping - rockets, stress balls, stickers, drawstring backpacks, bee beanies, pens
|$407.16
|N/A
|Event Outreach
|Approved
|-
|6/5/17
|Dawn Aitken
|Co-Marketing Agreement - #1538
|Cyber Resilience Summit, Brussels
|$29.09
|N/A
|Event Outreach
|Approved
|-
|6/4/17
|Dawn Aitken
|Co-Marketing Agreement - #1417
|Techno Security & Digital Forensics Conference - flyers and shipping
|$142.24
|N/A
|Event Outreach
|Approved
|-
|6/1/17
|Dawn Aitken
|Co-Marketing Agreement - #1588
|IoT Tech Expo Europe 2017, Berlin
|$62.97
|N/A
|Event Outreach
|Approved
|-
|5/22/17
|Tiffany Long
|OWASP El Salvador
|LatAm Tour
|$193.13
|n/a
|Chapter Outreach
|193.13
<nowiki>#</nowiki>2826
|-
|5/31/17
|Dawn Aitken
|Co-Marketing Agreement - #1526
|(ISC)2 Secure Summit NORDICS - Flyers and Shipping
|$25.14
|N/A
|Event Outreach
|Approved
|-
|5/27/17
|Dawn Aitken
|Co-Marketing Agreement - #1573
|Darkmira Tour PHP 2017 - Swag and Shipping - pens, stress balls, bee beanies, drawstring backpacks, water bottles, stickers, polo shirt
|$490.50
|N/A
|Event Outreach
|Approved
|-
|5/25/17
|Dawn Aitken
|Co-Marketing Agreement - #1480
|SECON 2017 - Swag and Shipping - stress balls, pens, bee beanies, drawstring backpacks, water bottles, stickers
|$219.07
|N/A
|Event Outreach
|Approved
|-
|5/15/2017
|Magno Logan
|OWASP Sao Paulo
|London Project Summit
|$1000
|57
|Chapter Outreach
|Approved
|-
|5/12/17
|Dawn Aitken
|Co-Marketing Agreement - #1575
|CyberPortex - Software Assurance & Application Security Conference - swag and shipping- postcards and shirt
|$51.16
|N/A
|Event Outreach
|Approved
|-
|5/2/2017
|Koffi Lamgnane
|OWASP Burkina Faso
|Camera for meetings
|$1194
|n/a
|Chapter Outreach
|1194
<nowiki>#</nowiki>2797
|-
|5/2/2017
|Paulino Calderon
|OWASP Riviera Maya
|LatAm Tour Speaker supplement
|$64.20
|n/a
|Chapter Outreach
|Approved
|-
|4/27/2017
|Mohd Fazli Azran
|OWASP Malaysia
|OWASP Chapter
|$320
|0075
|Chapter Outreach
|Approved
|-
|4/27/2017
|Mane Piperevski
|OWASP Macedonia
|MeetUp acct
|$30
|0078
|Chapter Outreach
|Approved
|-
|4/13/2017
|Ade Yoseman Putra
|OWASP Jakarta
|Black Hat Asia
|$461.37
|2902
|Community Outreach
|Approved
<nowiki>#</nowiki>2902
|-
|4/12/2017
|Dawn Aitken
|OWASP Macedonia
|Swag for chapter
|$142.72
|70
|Chapter Outreach
|Approved
|-
|4/12/2017
|Matt Tesauro
|Outreach
|STEM exibition
|$200/USD
|0072
|Event Outreach
|
|-
| 4/4/2017 || Dawn Aitken || Co-Marketing Agreement - #1381 || QuBit Conference 2017 - 160 OWASP "About Us" flyers and shipping cost || $47.81/USD || N/A || Event Outreach || Approved
|-
| 4/4/2017 || Dawn Aitken || Co-Marketing Agreement - #1294 || Cyber Central - 200 OWASP "About Us" flyers and shipping cost || $55.68/USD || N/A || Event Outreach || Approved
|-
|3/28/2017
|Mane Pipervski
|OWASP Macedonia
|meet up
|$30
|61
|Chapter Outreach
|Approved
|-
|3/28/2017
|Debolina Khasnobish
|OWASP Durgapur
|Chapter event
|$500
|53
|Chapter Outreach
|Approved
|-
|3/28/2017
|Avi Douglin
|OWASP Israel
|Project Summit London
|$1000
|9651
|Chapter Outreach
|Approved
|-
| 3/28/2017 || Dawn Aitken || Co-Marketing Agreement - #1487 || Black Hat Asia 2017 - Swag - $293.95, DHL Shipping - $72.21 - Printing Flyers - $493.74 - OWASP Tablecloth - $174.00, Lead Scanner - $400.00 || $1,433.90/USD || N/A || Event Outreach || Approved
|-
|3/27/2017
|Magno Logan
|Sao Paulo
|Project Summit London
|$1000
|9720
|Chapter Outreach
|Approved
|-
| 3/21/2017 || Dawn Aitken || Co-Marketing Agreement - #1511 || (ISC)2 Secure Summit Benelux - 200 OWASP "About Us" flyers and shipping cost || $51.56/USD || N/A || Event Outreach || Approved
|-
| 3/7/2017 || Sven Schleiere || OWASP Mobile Security Guide || Project Summit London || $1,000.00/USD || #56 || Project Outreach ||Approved
|-
| 3/7/2017 || Bernhard Mueller|| OWASP Mobile Security Guide || Project Summit London || $1,000.00/USD || #56 || Project Outreach ||Approved
|-
|3/1/2017
|Harsh Bothra
|OWASP Jaipur
|OWASP-Jaipur WAPT '17 Event and other spending.
|$500
|47
|Chapter Outreach
|Approved
|-
|2/27/2017
|Adrian Winkles
|OWASP Cambridge
|London Summit
|$1,400
|9603
|Chapter Outreach
|Approve
|-
| 2/6/2017
| Dawn Aitken
| Co-Marketing Agreement - #1395
| SC Congress London - Swag (stickers, pens, stress balls, rockets, bee beanies, pint glasses) and shipping costs
| $250.35 USD
| N/A
| Event Outreach
| Approved
|-
|2/3/2017
|Trevor Sibanda
|OWASP Bulawayo
|OWASP Bulawayo Chapter Cybersecurity Indaba
|$500
|42
|Event Outreach
|Approved
|-
| 1/23/17 || Dawn Aitken || Co-Marketing Agreement - #1212 || IoT Tech Expo - London - OWASP Flyers printing and shipping costs || $39.58/USD || N/A || Event Outreach || Approved
|-
|
|}

=2016 Community & Project Engagement Payments=
==2016 Community Engagement Allocations / Payments==
'''2016 Budget''' = $45,000 (Fund availability by quarter is $10-12K).

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="190" | Name (Requestor)
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Approved Amt
! scope="col" width="100" | Funded From
! scope="col" width="100" | Paid Amt
|-
| Jan 11, 2016 || Azeddine Islam Mennouchi || Speaking at [http://www.droidcon.tn/owasp-top-10-security-for-mobile/ DroidCon Tunisia] || $500 USD || Comm Engagement||Pending
|-
| Jan 17, 2016 || Ahmed M Neil ||Speaking presentation in Prague during 6-7 April to represent OWASP. Reviewed & approved by P.Ritchie || $500 USD || Comm Engagement||$500
|-
| Feb 2, 2016 || Rahul Yadav ||Funding for a conference room and refreshments for attendees of up to $500. Reviewed & approved by N.Whysel || $500 USD || Comm Engagement||$512.64
|-
| Feb 12, 2016 || Nitin Pandey ||Funding for OWASP Lucknow International InfoSec Meet on January 10, 2016 at PNBIIT, Lucknow. ~ 60Attendees, photos sent. Reviewed & approved by P.Ritchie || $1000 USD || Comm Engagement||$1030
|-
| Feb 22, 2016 || EU Leadership ||Merchandise & DHL Shipping, 1000 Rockets for EU events. Approved by K.Hartmann || $2632 USD || Comm Engagement||$2632.26
|-
| Feb 23, 2016 ||Martin Knobloch || OWASP merchandise to be printed locally by the KNURE Student Chapter in Kharkiv. Reimbursement request will come from Vadym Chaikian of the KNURE Student Chapter. Approved by N.Whysel || $200-250 USD || OWASP Netherlands Chapter allocation||Pending
|-
| Feb 25, 2016||Trevor Sibanda||Travel expenses (accommodations in Harare and bus rental) for university tour. Approved by N.Whysel||$1000 USD||Split between OWASP Bulawayo and Austin-Africa allocation || Pending
|-
| Feb. 29, 2016 ||Kelly Santalucia || AppSecEU 2016 post cards for outreach event (#1041) Approved by K. Santalucia || $200 USD || Comm Engagement ||Pending
|-
| Mar 4, 2016 ||Narenda Choyal || Up to $500 USD for Meetup Account, Business Cards(500), OWASP Shirt(2), Stickers(Quantity 125), OWASP TShirts(Quantity 30). Approved by N.Whysel || $500 USD || OWASP Mumbai allocation || Pending
|-
| Mar 9, 2016 ||John-Patrick Lita || Request for $9500USD by JP to support 3 day Conference in Philipphines. Paul & Staff reviewed, proposal incomplete. Returned request to JP asking for complete budget on Income & expense before determining what amount is needed from Foundation to make it 'break-even'. || $9500 USD || TBD || Pending better info.
|-
| Mar 14, 2016||Katy Anton||Request for up to $500 for speaker travel for a chapter event approved by N. Whysel||$500||OWASP Bristol plus balance from Community Engagement||Pending
|-
| Mar 16, 2016||Jatin Sethi||The expenditure for 'First Meet (Venue, Stationary & Refreshment) Dehradun Chapter India'||$200||Community Engagement||Approved
|-
| Mar 17, 2016||Adrian Winckles||Merchandise order for ISC(2) EMEA Secure event in Cambridge, UK. Approved by N.Whysel||$500||Cambridge chapter allocation and Comm Engagement || Pending
|-
| Mar 23, 2016||Sumit Ojha||Business Cards for 2 People, 20 OWASP printed Tshirt for members and volunteers. stationary and refreshment for attendees. and gifts for speakers. Approved by N.Whysel||Up to $500||Gwalior chapter allocation||Pending
|-
|-
| Mar 23, 2016||John Eto||$90 for 6 months Meetup.com account. Approved by N. Whysel||$90||OWASP Saint Louis Allocation||Pending
|-
| Mar 31, 2016||Debolina Khasnobish||Up to $500 USD for chapter meeting Approved by K Hartmann||$500||Community Funding||Pending
|-
| March 31, 2016||Kelly Santalucia||About Us flyers for outreach at Connected Security Expo in Las Vegas, NV||$27.45||Community Engagement||Approved
|-
| April 15, 2016||Tony Turner||Up to $500 USD after chapter portion for May chapter meeting Approved by K Hartmann||$500||Community Funding||Pending
|-
| April 15, 2016||Aditya Kushwaha||Up to $500 USD after chapter portion for chapter meeting Approved by K Hartmann||$500||Community Funding||Pending
|-
| April 18, 2016||Trevor Sibanda||Up to $100 USD for Bulawayo Approved by K Hartmann||$100||Community Funding||Pending
|-
| April 18, 2016||Trevor Sibanda||Up to $300 USD for Bulawayo Approved by K Hartmann||$300||Community Funding||Pending
|-
| May 4, 2016||Kelly Santalucia||AppSecEU 2016 post cards for outreach at for MIS Training 13th Annual CISCO Summit & Roundtable in Denmark||$64.50||Community Engagement||Approved
|-
| May 11, 2016||Kelly Santalucia||AppSecUSA 2016 postcards for outreach at One2One Summit in New Orleans, LA||$22.53||Community Engagement||Approved
|-
| May 11, 2016||Kelly Santalucia||AppSecEU 2016 post cards for outreach at (ISC)2 Secure Zurich||$67.10||Community Engagement||Approved
|-
| May 17, 2016||Kelly Santalucia||AppSecEU 2016 post cards for outreach at (ISC)2 Secure Scandinavia||$38.29||Community Engagement||Approved
|-
| May 17, 2016||Kelly Santalucia||AppSecEU 2016 post cards for outreach at Questex Asia Info Security Conference in Singapore||$38.04||Community Engagement||Approved
|-
| June 5, 2016 ||Kelly Santalucia||Flyers for Techno Security & Forensics Investigation Conference in Myrtle Beach, SC||$69.45||Community Engagement||Approved
|-
| June 14, 2016||Ahmed Neil||$500 funding approved to speak at Nordic IT Security conference October 26 - KBH||$500||Community Engagement||Approved
|-
| June 22, 2016||Kelly Santalucia||AppSecEU 2016 post cards (ISC)2 SecureFrance||$36.45||Community Engagement||Approved
|-
| June 30, 2016||Kelly Santalucia||OWASP Flyers for (ISC)2 SecureAustria||$46.95||Community Engagement||Approved
|-
| June 30, 2016||Kelly Santalucia||OWASP Flyers, AppSecUSA 2016 post cards, swag for Cyber Security Summit in Washington,DC ||$ ||Community Engagement||Approved
|-
| July 8, 2016||Falgun Rathod||Chapter meeting Gandhinagar chapter ||$500 ||Community Engagement||Approved KBH
|-
|December 16, 2016
|Sherif Koussa
|OWASP Ottowa
|$450
|Community Engagement
|Approved
|-
|December 20, 2016
|Jatin Sethi
|OWASP Dehradun AppSec Enthusiast Event
|$100
|Community Engagement
|Approved
|}

==2016 Project Funding Allocations / Payments==
'''2016 Budget''' = $36,000 (Fund availability by quarter is $9-10K). By policy, Projects with approved budgets will always have spending pulled from that source first. This funding is for new or under-funded projects.
See [https://docs.google.com/spreadsheet/pub?hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&hl=en_US&gid=3 Project Budgets] on the Wiki for current status of approved Project Budgets.

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="190" | Name (Requestor)
! scope="col" width="100" | Project
! scope="col" width="350" | Event or Activity
! scope="col" width="100" | Approved Amt
! scope="col" width="100" | Funded From
! scope="col" width="100" | Paid Amt
|-
| Jan.15, 2016 || Abraham Aranguren ||OWTF|| Development Contractor for OWTF Quality Release project. Proposal submitted, Claudia & P.Ritchie reviewed & approved || $1,500 USD ||OOTM-Projects||Pending
|-
| Feb 22, 2016 || Larry Conklin ||Code Review Guide|| Graphics work & edits by Hugo. P.Ritchie approved || $1,008 USD ||Comm Engagement||$1008
|-
| Mar 1, 2016 || Azzeddine Ramrami ||CSRFGuard|| Speaker travel, Paris to Qatar, to The Underground Economy 2016. N.Whysel approved || $1000 USD ||$500 from CSRFGuard Project and $500 from Comm Engagement||Pending
|}

=2015 Community Engagement Payments=
==2015 Community Engagement Allocations/Payments==
'''2015 Budget''' = $60,000 (Fund availability by quarter is $15,000).

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="250" | Name (Requestor)
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Amount
! scope="col" width="130" | Funded From
|-
| Jan 6, 2015 || Kelly Santalucia || CodeMash 2015 || $481.24 USD || Comm Engagement
|-
| Jan 8, 2015 || Kelly Santalucia || ICCS 2015 || $637.87 USD || CommEngagement
|-
| Jan 12, 2015 || Nitin Pandey || Speaker Support for OWASP Lucknow / DEFCON event, 2 Speakers x $500 || $1,000.00 USD || CommEngagement
|-
| Jan 13, 2015 || John Patrick Lita-Chapter Founder || Support for OWASP Manila Chapter Meeting, Q1 2015. Merchandise and multi-city tour/training to recruit participation || $1022.00 USD|| CommEngagement
|-
| Feb. 6, 2015 || Jim Manico || Speaker & Trainer travel expenses for Philippines Chapter || $500.00 USD|| CommEngagement
|-
| Feb. 6, 2015 || Minhaz AV || Speaker & Travel expense for OWASP & CSRF talk at FOSSASIA 15 at Singapore || $500 USD || CommEngagement
|-
| Feb. 10, 2015 || Yousif Hussin || OWASP Merchandise for new Sheffield Chapter || $300 USD || CommEngagement
|-
| Feb. 19, 2015 || Israel Bryski || New Chapter 'JumpStart' funding for Brooklyn || $500 USD || CommEngagement
|-
| Feb. 20, 2015 || Jim Manico || Speaker role @CodeMash2015-Airfare reimbursement || $1000 USD || CommEngagement
|-
| Feb. 23 - 27, 2015 || Kelly Santalucia || SecAppDev 2015 || $ ||CommEngagement
|-
| March 3, 2015 || Kelly Santalucia || SC Congress London 2015 || $218.68 USD || Comm Engagement
|-
| March 16 -17, 2015 || Kelly Santalucia || Insider Threat Summit 2015 || $25.90 USD || CommEngagement
|-
| March 24 - 27, 2015 || Kelly Santalucia || BlackHat Asia 2015 || $286.00 USD || CommEngagement
|-
| March 25, 2015 || Rio Okada || Expense for 4 volunteers dinner at BlackHat Asia 2015 in Singapore || $247.10 USD || CommEngagement
|-
| March 31, 2015 || Kelly Santalucia || (ISC)2 SecureIreland || $50.11 USD || CommEngagement
|-
| April 8, 2015 || Kelly Santalucia || Cyber Secure Pakistan 2015 || $270.00 USD || CommEngagement
|-
| April 16, 2015 || Yousif Hussin || Funding for new Chapter meet & speakers || $250 USD || CommEngagement
|-
| April 22 - 23, 2015 || Kelly Santalucia || AppsWorld Germany || $275.26 USD || CommEngagement
|-
| April 30, 2015 || Ahmed Mohamed Neil || Speakers Reimbursement for Prague event || $500 USD || CommEngagement
|-
| May 12 - 13, 2015 || Kelly Santalucia || AppsWorld North America || $20.40 USD || CommEngagement
|-
| May 13, 2015 || Kelly Santalucia || Dev Talks 2015 Cluj || $154.97 USD || CommEngagement
|-
| May 15, 2015 || Kelly Santalucia || BSides Knoxville || $240.08 USD || CommEngagement
|-
| May 16 -17, 2015 || Kelly Santalucia || ICCS 2015 || $24.45 USD || CommEngagement
|-
| May 19 - 21, 2015 || Kelly Santalucia || Cloud Security World 2015 || $16.26 USD || CommEngagement
|-
| May 21, 2015 || Azzeddine Ramrami || Speaker travel expense for BDCA2015 || $400 USD || CommEngagement
|-
| May 26 - 29, 2015 || Kelly Santalucia || Hack in the Box || $508.57USD || CommEngagement
|-
| June 8, 2015 || Fabio Cerullo || Speaker travel expense for Barcelona Chapter meeting || $685 Euro || CommEngagement
|-
| June 10 -11, 2015 || Kelly Santaluica || SC Congress Toronto || $536.03 USD || CommEngagement
|-
| June 11, 2015 || Kelly Santalucia || Dev Talks 2015 Romania || $500.00 USD || CommEngagement
|-
| June 11 - 12 2015 || Kelly Santalucia || Cybit || $189.30 USD || CommEngagement
|-
| June 12 2015 || Yune Sung || Korea Day || $500 USD || CommEngagement
|-
| June 12 2015 || Laura Guazzelli || Gainesville, FL chapter || $500 USD || CommEngagement
|-
| June 12 2015 || Bill Semph || Speaker accommodation expense outreach speaking engagement || $400 USD || CommEngagement
|-
| June 12 2015 || Siva Kumar || New Chapter Support for Madurai Chapter || $400 USD || CommEngagement
|-
| July 5 2015 || Akshay Sharma || New Chapter Support for Bhopal Chapter || $500 USD || CommEngagement
|-
| July 6, 2015 || Azzeddine Ramrami || Speaker travel expense for Project Summit at AppSec-USA. Project summit to fund $1000, Foundation to fund balance of $250 || $250 USD || CommEngagement
|-
| July 8, 2015 || Timur kHrotko || Speaker travel expenses for up to 2 speakers at OWASP Track at Hackivity - non OWASP event. Update Sept.29 only ~$120USD of this amount needed. || $1000 USD || CommEngagement
|-
| July 9, 2015 || Magno Logan || Speaker travel expenses for up to 2 speakers at JampaSec 2015 - non OWASP event. Approved at $1k, actual expense $847 || $847 USD || CommEngagement
|-
| July 28 - 29, 2015 || Kelly Santalucia & John Patrick Lita || (ISC)2 Security Congress APAC 2015 || $659.21 USD || CommEngagement
|-
| July 13, 2015 || Johanna Curiel/Projects || Shutterstock subscription to create flyers || $249 USD || CommEngagement
|-
| July 20 - 26, 2015 || Kelly Santalucia || EuroPython 2015 || $300.92 || CommEngagement
|-
| July 16, 2015 || Colin Watson || 20 decks of Cards to be used to promote project || $191 || CommEngagement
|-
| July 31, 2015 || Kelly Santalucia || Africahackon || $494.98 USD ||Comm Engagement
|-
| August 3, 2015 || Kelly Santalucia || BSides LV 2015 || $ ||CommEngagement
|-
| August 3, 2015 || Kelly Santalucia ||Blackhat USA 2015 || $ ||CommEngagement
|-
| August 12 2015 || Bill Semph || Bringing in Speaker for Chapter meeting || $500 USD || CommEngagement
|-
| August 27 2015 || Mateo Martinez || Special funding request for bringing underfunded LATAM Chapter leaders to the Rio de la Plata OWASP event. Up to $1,000 not to exceed $500 per person. Nov.9 released $500 to 1st requestor, Camilo. || $1,000 USD || CommEngagement
|-
| August 31, 2015 || Timothy DeBlock || New Chapter-Columbia, So.Carolina 1st meeting reimbursement || $50 USD || CommEngagement
|-
| September 4, 2015 || Kate Hartmann || Summer of Code shirts for students and mentors || $400 USD || CommEngagement
|-
| September 9, 2015 || Jonathan Carter || Mobile Top 10 business cards || $30 USD || CommEngagement
|-
| September 14, 2015 || Gary Robinson || Belfast chapter meeting space. Actual expense 106GBP || $160 USD || CommEngagement
|-
| September 14, 2015 || Trevor Sibanda || New Chapter Support for Bulawayo Chapter. OWASP Merchandise. P.Ritchie Approved || $442 USD || CommEngagement
|-
| September 14, 2015 || Nitin Pandey || Chapter Support for Lucknow Chapter on-site meeting. P.Ritchie Approved. Actual = $490 || $340 USD || CommEngagement
|-
| September 15, 2015 || Matt Tesauro || Travel expense-OWASP Speaker @ Velocity Conf. for Developers & DevOps. Requested $1,970, P.Ritchie Approved $1000 || $1.000 USD || CommEngagement
|-
| September 28, 2015 || Nitin Pandey || Travel expense-OWASP Speaker @ HAKON Requested $450, K. Hartmann approved $500 - request cancelled by Nitin 10/02/2015 KH|| $450 USD || CommEngagement
|-
| September 29, 2015 ||Aurelijus Stanislovaitis|| Speaker Travel expense for Lithuania Chapter. Requested $750, P.Ritchie approved $500 per policy from Foundation funds. Other funding possible from owasp EEE event sponsorships || $500 USD || CommEngagement
|-
| October 7, 2015 ||Apollin Moya|| New Chapter Meeting Expense-Cotoun, Benin Africa held Sep30. Approved N.Whysel per OWASP policy || $498 USD || CommEngagement
|-
| October 8, 2015 || Kelly Santalucia || Daggercon 2015 || $503.91 USD || Community Engagement
|-
| October 9, 2015 ||Alexander Antukh|| Speaker travel to EEE event - expenses above Russia chapter balance - KBH|| $250 || CommEngagement
|-
| October 9, 2015 ||John Patrick Lita|| Speaker travel & booth costs for 'Hack the North' event, Philippines. Pre-Approved P.Ritchie|| $500 || CommEngagement
|-
| October 12, 2015 ||Jerry Gamblin|| New Chapter meeting expenses. Pre-Approved KBH. Actual expense $504|| $500 || CommEngagement
|-
| October 12-13, 2015 ||Kelly Santalucia|| Middle East Information Security Summit 2015 || $71.84 USD || CommEngagement
|-
| October 14, 2015 || Bill Sempf || Presenting OWASP to [http://www.meetup.com/VTCode/events/226027008/ .NET Developers group] || $400 || CommEngagement
|-
| October 14-15, 2015 || Kelly Santalucia || Source Seattle 2015 || $237.75 USD || CommEngagement
|-
| October 20, 2015 || Kelly Santalucia || SC Congress New York || $258.48 USD || CommEngagement
|-
| October 20-21, 2015 || Kelly Santalucia || (ISC)2 Security Congress EMEA 2015 || $79.61 USD || CommEngagement
|-
| October 20 - 21, 2015 || Kelly Santalucia ||SecTor || $928.64 USD || CommEngagement
|-
| November 10-13, 2015 || Kelly Santalucia || Blackhat EU 2015 || $962.01 USD || CommEngagement
|-
| November 17, 2015 || Kelly Santalucia || SC Congress Chicago || $206.17 USD || CommEngagement
|-
| November 26, 2015 || Patrick LeClerc || Quebec City reach-out events (4). Split cost, Quebec Chapter 66%/Foundation 33%. Approved P.Ritchie, foundation commitment=150 || ~$ 150 USD || CommEngagement
|-
| November 25, 2015 || Gary Robinson || Security Shepherd chapter meeting - KBH|| $300 USD || CommEngagement
|-
| November 17, 2015 || Christo Goosen || Merchandise request for CapeTown chapter - KBH|| $530 USD || CommEngagement
|-
| December 8, 2015 || Tony Turner || Merchandise for Orlando chapter - KBH|| $500 USD || CommEngagement
|-
| December 8, 2015 || Tony Turner || Assistance with venue, food beverages for local developer outreach event - KBH|| $500 USD || CommEngagement
|-
| December 14, 2015 || Gagan Shrivastava || Catering ( snacks, tea and coffee), conference stationary, Banner and some other costs for OWASP Indore's first 3 day OWASP workshop in January 24-26, 2016 || $330 USD ||CommEngagement
|-
| December 27, 2015 || Rahul Yadav || Chapter Meeting support || $500 USD ||CommEngagement
|-
| January 5, 2016 || Kelly Santalucia || CodeMash || $741.17/USD || CommEngagement
|-
|}
''2015 Balance Remaining'' = 'about $34,500' subject to actual expenses as reimbursed from these pre-approvals.

Balance Remaining includes actual spend as well as approved spend pending reimbursement

==2015 Project Funding Allocations / Payments==
'''2015 Budget''' = $50,000 (Fund availability by quarter is $12,500). By policy, Projects with approved budgets will always have spending pulled from that source first. This funding is for new or under-funded projects.
See [https://docs.google.com/spreadsheet/pub?hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&hl=en_US&gid=3 Project Budgets] on the Wiki for current status of approved Project Budgets.

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="150" | Name (Requestor)
! scope="col" width="150" | Project Name
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Amount
|-
| Feb.17, 2015 || Florian Stahl |||| Publication/Printing of Top 10 Privacy Risks doc for presentation at Global Privacy Summit in Washington DC and at the AppSecEU || 100 Euro
|-
| March 3, 2015 || Johanna Curiel |||| Funding for Project Summit at AppSec-EU May 2015 || $10,000 USD || Foundation funded Project Support
|-
| April, 2015 || Fabio Cerullo|||| Funding for 2015 Summer of Code. Approved at April Board meeting || $12,000 USD || Foundation funded Project Support
|-
| June 10, 2015 || Jim Manico / Andrew van der Stock|||| Funding for ASVS Project Documentation || $1,250 USD || Foundation funded Project Support
|-
| June 24, 2015 || Johanna Curiel||||Funding for Project Summit @ AppSec US 2015 || $10,400 USD || Foundation funded Project Support
|-
| July 2, 2015 || Dinis Cruz||||Funding for Google Cloud Compute instances, i.e. to host the Owbot (as seen on OWASP's Slack) and help with ZaaS (Zap as a Service)Project Summit @ AppSec US 2015. $500 startup, $500 phase 2 || $1,000 USD || Foundation funded Project Support
|-
| Sept 4, 2015 || Claudia Casanovas|| ||Special Volunteer funding request to provide 'Thank You Amazon Cards' to Volunteers participating in Oct-Nov Project Review Jump-Start Program. Approved by P.Ritchie || $1,000 USD Total || Foundation funded Project Support
|-
| Sept 10, 2015 || Steven van der Baan||CTF ||Hardware purchase to support CTF Project & CTF events for OWASP. Approved by P.Ritchie per project leader handbook guidelines || $810 USD || Foundation funded Project Support
|-
| Sept 21, 2015 || M.Coates/J.Marcil||Media Project ||Laptop purchase (3) to support AppSec Conf, Events via Media Project. Approved by P.Ritchie || $2750 USD || Foundation funded Project Support
|-
| || ||Balance Remaining|| ~$10,000|| Balance Remaining
|-
|}

=2014 Community Engagement Payments=

'''2014 Budget''' = $60,000 (Fund availability by quarter is $15,000).

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="250" | Name (Requestor)
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Amount
|-
| Jan 21, 2014 || Purple Phoenix Media ||Venue for EU Tour 2013 || $463.74 USD (342.83 Euros)
|-
| Jan 23, 2014 || OWASP Foundation ||Venue Deposit for OWASP Free Training at Jillian's in SFO || $5,000.00 USD
|-
| Jan 24, 2014 || OWASP Foundation ||Membership Flyers and Supplies for OWASP Free Training in SFO || $257.48 USD
|-
| Feb 18, 2014 || OWASP Foundation || Amazon gift card for Connector Puzzle Winner || $10.00 USD
|-
| Feb 18, 2014 || Tony Turner || OWASP Lanyards for Bsides Orlando (Orlando OWASP Chapter) || $428.16 USD
|-
| March 11, 2014 || Jonathan Marcil || Banner and Merchandise for Confoo Conference (Montreal OWASP Chapter) || $837.91 USD
|-
| March 17, 2014 || Eoin Keary || Hotel Room for OWASP Free Training at Jillian's in SFO || $975.00 USD
|-
| March 28, 2014 || Tony Turner || OWASP Lanyards for Bsides Orlando (Orlando OWASP Chapter) || $500 USD
|-
| March 28, 2014 || OWASP Foundation || Membership Flyers for Info Sec World Conference & Expo 2014 (Co-Marketing Agreement) || $261.99 USD
|-
| March 28, 2014 || PR with Brains || PR and media support for foundation annoucements || $500.00 USD
|-
| March 31, 2014 || Jonathan Marcil || Notepads, rockets, stressballs, and stickers for NorthSec 2014 || $824.35 USD
|-
| April 11, 2014 || Ahmed Neil || Flight & Hotel for outreach event in Prague || $1098.86 USD
|-
| April 15, 2014 || Mario Heiderich || Projected reimbursement for travel and lodging to speak at OWASP Edinburgh || $500.00 USD
|-
| May 1, 2014 || Glib Pakharenko || Projected reimbursement for travel and lodging for speaker at OWASP Ukraine || $500.00 USD
|-
| May 7, 2014 || Martin Knobloch || Merchandise for HITB 2014 Outreach || $500.00 USD
|-
| May 19, 2014 || Justin Clarke|| Printing Flyers for Outreach Event || $308.53 (180.42 GBP)
|-
| May 22, 2014 || Azzeddine RAMRAMI|| Flight from Paris to Rabat, Morocco to facilitate as an OWASP Partner to the Moroccan Cyber Security Challenge 4th Edition || $514.00 USD
|-
| May 27, 2014 || Mat Caughron|| Merch sent to Kansas City for Kansas City Developer's Conference (Outreach) || $500.00 USD
|-
| June 11, 2014 || Oana Cornea|| Flyers for DevTalks 2014 || $160.00 USD
|-
| July 7, 2014 || Anurag Agarwal|| Reimbursement for flight and travel expenses to speak at Columbus, Ohio chapter meeting || $437.49
|-
| July 8, 2014 || Fabio Cerullo|| [https://www.owasp.org/index.php/Winter_Code_Sprint Initiative - Fall/Winer Code Spring (to be spent by March 2015)] || $5000.00 USD
|-
| Fall 2014 || Asia Tour || Fall 2014 - China (3 chapters), Haerbin, Wuhan, Chengdu, Indonesia, Singapore, Malaysia, Korea, Thailand|| $12,000 USD
|-
| Sept 23, 2014 || Josh Sokol|| OWASP Presence at Univ. of Texas Cybersecurity Awareness event || $500.00 USD
|-
| Sept 29, 2014 || Alexandre Sobrinho|| Speaker funds-Mario Heiderich's visit to Scotland community for a talk on mXSS || $412.30 USD
|-
| Oct 10, 2014 || Azzeddine Ramrami|| OWASP Local Chapter Representation at Morocco Java User Group JMaghreb, Booth & Travel || $1,000.00 USD
|-
| Oct 14, 2014 || Theo Sagoe - OWASP Ghana || Ghana Regional OWASP event - Speakers, Venue, Merchandise-POSTPONED. Merchandise sent for regional community engagement || $1,000.00 USD
|-
| Oct 17, 2014 || Patrick Leclerc-Quebec Chapter w/Ottawa || Presence & Merchandise @ Canadian Hackfest(400) & ICCE (400) || $800.00 USD
|-
| Nov 3, 2014 || Florian Stahl-Project Lead Top 10 Privacy Risks || Speaker/Travel funds- IAPP Global Privacy Summit 4-6 March 2015 in Washington DC. || $500.00 USD
|-
| Nov 25, 2014 || John Patrick Lita-Chapter Founder || Support for OWASP Manila Day - New Chapter support - Funding & Merchandise || $500.00 USD
|-
| Nov 26, 2014 || Carlos Allendes - Honduras Chapter Leader || Speaker Support for OWASP Honduras Day, 2 Speakers x $500 || $1,000.00 USD
|-
| Jan 12, 2015 || Nitin Pandey || Speaker Support for OWASP Lucknow / DEFCON event, 2 Speakers x $500 || $1,000.00 USD
|-
| Jan 13, 2015 || John Patrick Lita-Chapter Founder || Support for OWASP Manila Chapter Meeting, Q1 2015 || $500.00 USD
|-
| Jan 13, 2015 || Fabio Cerullo || Speaker & Trainer travel expenses for FOSSASIA 2015 || $500.00 USD
|}
''2014 Balance Remaining'' = $20,710.19

==2014 Project Payments==
'''2014 Budget''' = $46,000 (Fund availability by quarter is $11,500).

{| border="1" cellpadding="2"
! scope="col" width="100" | Date
! scope="col" width="250" | Name (Requestor)
! scope="col" width="450" | Event or Activity
! scope="col" width="100" | Amount
|-
| Jan 9, 2014 || Samantha Groves (Operations) || Apple Developer Registration || $99.00 USD
|-
| March 26, 2014 || Mordecai Kraushar || Project Speaker at AppSec APAC 2014: Tokyo, Japan || $1,588.08 USD
|-
| March 26, 2014 || Dennis Groves || Project Speaker at AppSec APAC 2014: Tokyo, Japan || $1,515.40 USD
|-
| April 29, 2014 || Hugo Costa || Graphic Design - New Project Icons || $90.00 USD
|-
| May 9, 2014 || Marios Kourtesis || OWTF Project Presenter for Open Source Showcase at AppSec EU 2014: Cambridge, UK || $701.55 USD
|-
| June 3, 2014 || Hugo Costa || Graphic Design - Projects || $270.00 USD
|-
| June 5, 2014 || Johanna Curiel || [https://www.owasp.org/index.php/Proposal_Project_Review_QA_Approach Project Review Framework Beta Testing] || ~$7,000 USD
|-
| June 6, 2014 || Johanna Curiel || Air and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $836.00 USD
|-
| June 18, 2014 || Oana Cornea || Project Flyers for Outreach || $53.34 USD
|-
| June 2014 || AppSec EU || Project Summit Facilities Costs and Food|| ~$14,000.00 USD
|-
| July 11, 2014 || Jonathan Marcil || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $738.98
|-
| July 11, 2014 || Enrico Branca || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $902.94 USD
|-
| July 11, 2014 ||Ivan Buetler || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || ~$633.32 USD
|-
| July 11, 2014 ||Neil Gernon || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $577.65 USD
|-
| July 11, 2014 || Matt Tesauro || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $2,259.66 USD
|-
| July 11, 2014 || Gary Robinson || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || $646.52 USD
|-
| July 11, 2014 || Spyros Gasteratos || Travel and Hotel for Project Summit at AppSec Europe 2014: Cambridge, UK || ~$668.32 USD
|-
| July 11, 2014 || Hugo Costa || Graphic Design - Projects || $270.00 USD
|-
| July 31, 2014 || Richard Stallman || AppSec Europe 2014: Cambridge, UK - Speaker/Summit|| ??
|-
| Oct 3, 2014 || Jane O'Connor || Testing guide v4 writing|| $ 771.00
|-
| Oct 3, 2014 || Hugo Costa || Testing guide v4 publication & LuLu placement|| $ 500
|-
|}

''2014 Balance Remaining'' = $11,878.24

<headertabs></headertabs>

User:EPaul

2018-03-14T20:35:54Z

Claudia casanovas: Creating user page for new user.

I'm a senior software developer for (company internal) web applications at Zalando, but not a security specialist in any means.

I was moderator for Cryptography Stack Exchange for almost 4 years (Aug 2011 – June 2015), picking up some cryptography knowledge then.
(https://crypto.meta.stackexchange.com/questions/80/moderator-pro-tem-announcement)

I just wanted to correct some mistakes in the website I noted, not write a full biography here.
For example, the Java class name validation regex in https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository is not just vulnerable to regex DOS attacks (as noted on https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS#Examples and in Wikipedia), but also simply wrong, and fixing the wrongness (escaping the dot) also fixes the evilness of the regex.

User talk:EPaul

2018-03-14T20:35:54Z

Claudia casanovas: Welcome!

March 7, 2018

2018-03-07T17:14:46Z

Claudia casanovas:

Meeting Date: March 7 2018

3:00pm - 4:00pm EST [https://www.timeanddate.com/worldclock/converted.html?iso=20180307T21&p1=16&p2=16&p3=676&p4=136&p5=78&p6=179&p7=224&p8=240&p9=102 Time Converter]

Meeting Location: Virtual

Virtual: GoToMeeting Meeting ID: 861-328-838 - https://global.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1Wu0Pmlsqqp74WnVB8NEvhRP-EHz-jOjZsSzRtm_c-Bw/edit?usp=sharing prior meeting minutes]

REPORTS

OLD BUSINESS

NEW BUSINESS
* Approve SAFEcode.org future cooperation - AJV (Sherif Mansour to discuss, ajv vote to be proxied by Sherif)
* Approve SAFEcode.org document - AJV (Sherif Mansour to discuss, ajv vote to be proxied with Sherif)
* Approve development of an OWASP Global Event Strategy which includes AppSec Asia (Chenxi)
* Approve development of an OWASP Service catalogue for Chapters and Projects. This includes access to short term technical resources such as web designers, technical writers and developers. (Sherif)
* Status update from staff on DefCon cooperation with Jon McCoy. (AJV)
* Status update from staff on AppSec Au Day with Julian Berton. (AJV)
* AppSec Eu 2018 Sponsorship update (Kelly)
** Sold 1 Diamond (sold out), 2 Gold, 5 Silver, 1 Capture the Flag & 1 Lanyard (sold out)
** Total amount sold to date: €62,450.00
*AppSec USA 2018 Sponsorship update (Kelly)
**Sold 1 Diamond (sold out), 3 Platinum, 5 Gold, 2 Silver, & 1 Lanyard
**Total amount sold to date: $211,450
*2018 Corporate Membership (Kelly)
**13 Corporate Membership payments
***2 Premier Members $40k
***11 Contributor Members $55k
***Total amount collected to date: $95k
**3 Contributor Corp Member invoices sent (waiting for payment) $15k
**2 Contributor Corp Member invoice requests submitted. Waiting for Virtual to send invoices $10k
*2018 Project & Program Update
**Google Summer of Code accepted OWASP Foundation to participate for GSOC 2018
***12 OWASP Project Ideas options for Students - [[GSOC2018 Ideas|GSOC 2018 Ideas]]
****Student start to submit their applications on March 12th
****Discussions have kick started between the Project Leaders and Students
***24 Mentors have signed up to support the GSOC 2018
***OWASP RailsGoat Project Restart Kick off will utilize the GSOC 2018 Progra
**Project Reviews:
***2 Project Reviews are listed for APPSEC EU 2018
****OWASP Juiceshop Project
****OWASP DefectDojo Project
**New Project on Boarding was on hold awaiting Harold Blankenship joining OWASP
***Looking forward to working on new project requests with Harold among other exciting improvements to Projects.
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

March 7, 2018

2018-03-07T16:56:43Z

Claudia casanovas:

Meeting Date: March 7 2018

3:00pm - 4:00pm EST [https://www.timeanddate.com/worldclock/converted.html?iso=20180307T21&p1=16&p2=16&p3=676&p4=136&p5=78&p6=179&p7=224&p8=240&p9=102 Time Converter]

Meeting Location: Virtual

Virtual: GoToMeeting Meeting ID: 861-328-838 - https://global.gotomeeting.com/join/861328838

[[International Toll Free Calling Information]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1Wu0Pmlsqqp74WnVB8NEvhRP-EHz-jOjZsSzRtm_c-Bw/edit?usp=sharing prior meeting minutes]

REPORTS

OLD BUSINESS

NEW BUSINESS
* Approve SAFEcode.org future cooperation - AJV (Sherif Mansour to discuss, ajv vote to be proxied by Sherif)
* Approve SAFEcode.org document - AJV (Sherif Mansour to discuss, ajv vote to be proxied with Sherif)
* Approve development of an OWASP Global Event Strategy which includes AppSec Asia (Chenxi)
* Approve development of an OWASP Service catalogue for Chapters and Projects. This includes access to short term technical resources such as web designers, technical writers and developers. (Sherif)
* Status update from staff on DefCon cooperation with Jon McCoy. (AJV)
* Status update from staff on AppSec Au Day with Julian Berton. (AJV)
* AppSec Eu 2018 Sponsorship update (Kelly)
** Sold 1 Diamond (sold out), 2 Gold, 5 Silver, 1 Capture the Flag & 1 Lanyard (sold out)
** Total amount sold to date: €62,450.00
*AppSec USA 2018 Sponsorship update (Kelly)
**Sold 1 Diamond (sold out), 3 Platinum, 5 Gold, 2 Silver, & 1 Lanyard
**Total amount sold to date: $211,450
*2018 Corporate Membership (Kelly)
**13 Corporate Membership payments
***2 Premier Members $40k
***11 Contributor Members $55k
***Total amount collected to date: $95k
**3 Contributor Corp Member invoices sent (waiting for payment) $15k
**2 Contributor Corp Member invoice requests submitted. Waiting for Virtual to send invoices $10k
*2018 Project & Program Update
**Google Summer of Code accepted OWASP Foundation to participate for GSOC 2018
***12 OWASP Project Ideas options for Students - [[GSOC2018 Ideas|GSOC 2018 Ideas]]
****Student start to submit their applications on March 12th
****Discussion have kick started between the Project Leaders and Students
***24 Mentors have signed up to support the GSOC 2018
***OWASP RailsGoat Project Restart Kick off will utilize the GSOC 2018 Progra
**Project Reviews:
***2 Project Reviews are listed for APPSEC EU 2018
****OWASP Juiceshop Project
****OWASP DefectDojo Project
**New Project on Boarding was on hold awaiting Harold Blankenship joining OWASP
***Looking forward to working on new project requests with Harold among other exciting improvements to Projects.
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

GSoC

2018-02-27T07:38:47Z

Claudia casanovas: /* Subscribing as mentor */

'''OWASP is applying to be a Google Summer of Code (“GSoC”) mentoring organization in 2018!'''

Open source software is changing the world and creating the future.

Want to help shaping it? We’re looking for students to join us in making 2018 the best Summer of Code yet!

'''STUDENTS: THE PROPOSAL SUBMISSION PERIOD WILL BE OPEN FROM MARCH 12th thru 27th 2018'''
{| class="wikitable"
|March 12 16:00 UTC
|Student application period begins
|-
|March 27 16:00 UTC
|Student application deadline
|}
[https://summerofcode.withgoogle.com/ '''Google Summer of Code Program Site''']
* OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
* All students currently enrolled in an accredited institution are welcome to participate in the Google Summer of Code 2018 program, hopefully along with the OWASP Foundation.
* Below you could find all the instructions on how to participate.

== What is GSOC? ==

The [https://developers.google.com/open-source/gsoc/ Google Summer of Code program] (“GSoC”) is designed to encourage student participation in open source development. Through GSoC, accepted student applicants will be paired with OWASP mentors that will guide them through their coding tasks.

Benefits to students include:

* Gaining exposure to real-world software development scenarios
* An opportunity for employment in areas related to their academic pursuits and
* Google will be offering successful student contributors a 5,500 USD stipend, enabling them to focus on their coding projects for three months.

This program is done completely online. Students and mentors from more than 100 countries have participated in past years.
==Instructions common to all participants==

All participants should take a look at the [https://developers.google.com/open-source/gsoc/faq Google Summer of Code Program Site] every now and then to be informed about updates and advice. It is also important to read the [https://developers.google.com/open-source/gsoc/faq Summer of Code FAQ], as it contains useful information.
All participants will need a Google account in order to join the program. You'll save some time if you create one now. Please review the [https://developers.google.com/open-source/gsoc/timeline GSOC 2018 TimeLine]

===Programming Language===

While the majority of OWASP tools are developed using C++/Java, we do accept other languages, including (but not limited to) Python, Ruby and C#. C++ will be accepted for any project. Submissions and ideas for projects in any other language should specifically mention the choice.

==Instructions for students==

Are you a student and want to code for an OWASP project?
Here are the steps and some tips on getting started:

1) Think of a good idea – For reference see
[https://www.owasp.org/index.php/GSOC2018_Ideas GSOC 2018 Ideas].

2) Do some research yourself based on the idea, write up a proposal draft

3) Post it to the mailing list at [https://groups.google.com/forum/#!forum/owasp-gsoc https://groups.google.com/d/forum/owasp-gsoc] for initial discussions with OWASP mentors.

4) Based on feedback, write a full proposal – See template below:
https://www.owasp.org/index.php/GSoC_SAT

5) Submit your proposal to Google from March 12th to March 27th 2018.

Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping OWASP mission. You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications are welcome.

You should start familiarising yourself with the components that you plan on working on before the start date. OWASP Project Mentors are available on the mailing list https://groups.google.com/d/forum/owasp-gsoc for help.

===General instructions===
First of all, please read the instructions common to all participants and the [https://developers.google.com/open-source/gsoc/faq GSoC FAQ]. Pay special attention to the '''Eligibility''' section of the FAQ.

===Getting in touch===
* Google Group: OWASP Organization Administrators and Mentors are available at https://groups.google.com/d/forum/owasp-gsoc ready to answer any questions and discuss any idea.
* Mailing list: Each project has its own development mailing list (eg. ESAPI: http://lists.owasp.org/pipermail/esapi-dev/). Feel free to subscribe in order to discuss your ideas directly with the project's contributors.
* IRC channel: You can find us at irc.freenode.net channel #owasp-gsoc

===Recommended steps===
* Read Google's instructions for participating
* Take a look at the list of ideas
* Come up with project that you're interested in
* Write a first draft proposal and get someone to review it for you
* Submit it using Google's web interface

Coming up with an interesting idea is probably the most difficult part of all. It should be something interesting for an OWASP Project, and more importantly for you. It also has to be something that you can realistically achieve in the time available to you.

Finding out what the most pressing issues are in the projects you're interested in is a good start. You can optionally join the mailing lists for that project: you can make acquaintance with developers and your potential mentor, as well as start learning the codebase. We recommend strongly doing that and we will look favourably on applications from students who have started to act like Open Source developers.

===Student proposal guidelines===
A project proposal is what you will be judged upon. So, as a general recommendation, write a clear proposal on what you plan to do, what your project is and what it is not, etc. Several websites now contain hints and other useful information on writing up such proposals.
OWASP does not require a specific format or specific list of information, but there is an application template on the OWASP page in Google Melange with some specific points that you should address in your application:
* Who are you? What are you studying?
* What exactly do you intend to do? What will not be done?
* Why are you the right person for this task?
* To what extent are you familiar with the software you're proposing to work with? Have you used it? Have you read the source? Have you modified the source?
* How many hours are you going to work on this a week? 10? 20? 30? 40?
* Do you have other commitments that we should know about? If so, please suggest a way to compensate if it will take much time away from Summer of Code.
* Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, not to mention 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?
* If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?
* Where do you live, and can we assign a mentor who is local to you so you can meet in a coffee shop for lunch?

After you have written your proposal, you should get it reviewed. Do not rely on the OWASP mentors to do it for you via the web interface: they will only send back a proposal if they find it lacking. Instead, ask a colleague or a developer to do it for you.

===Hints===
'''Submit your proposal early:''' early submissions get more attention from developers for the simple fact that they have more time to dedicate to reading them. The more people see it, the more it'll get known.

'''Do not leave it all to the last minute:''' while it is Google that is operating the webserver, it would be wise to expect a last-minute overload on the server. So, make sure you send your application before the final rush. Also, note that the applications submitted very late will get the least attention from mentors, so you may get a low vote because of that.

'''Keep it simple:''' we don't need a 10-page essay on the project and on you (Google won't even let you submit a text that long). You just need to be concise and precise.

'''Know what you are talking about:''' the last thing we need is for students to submit ideas that cannot be accomplished realistically or ideas that aren't even remotely related to OWASP Projects. If your idea is unusual, be sure to explain why you have chosen OWASP to be your mentoring organisation.

'''Aim wide:''' submit more than one proposal, to different OWASP Projects. We also recommend submitting to more than one organisation too. This will increase your chances of being chosen.

The PostgreSQL project has also released a list of [http://www.postgresql.org/developer/summerofcodeadvice.html hints] that you can take a look.

==Instructions for mentors==
===Ideas===
If you're a developer and you wish to participate in Summer of Code, you can do it in two ways: the first and easiest is to make a proposal in the [https://www.owasp.org/index.php/GSOC2016_Ideas ideas] page. Take a look at what the different OWASP Projects needs or what you feel should have. Feel free to submit ideas even if you cannot elaborate too much on them.

The second possibility is to be a mentor for a more specific idea. If you wish to do that, please read the instructions common to all participants and the Summer of Code FAQ. Also, please contact the project leader for your application or module and get the go-ahead from him/her. Then edit the ideas page, adding your idea.

Your idea proposal should be a brief description of what the project is, what the desired goals would be, what the student should know and your email address for contact. Please note, though, that the students are not required to follow your idea to the letter, so regard your proposal as just a suggestion.

===Mentoring===
If you wish to help us even more, you can be an OWASP mentor. We will potentially assign a student to you who has never worked on such a large project and will need some help. Make sure you're up for the task.
When subscribing yourself as a mentor, please make sure that your application or module maintainer is aware of that. Ask him/her to send the Summer of Code OWASP Administrators an email confirming to know you. This is just a formality to make sure you are a real person we can trust -- the administrators cannot know all active developers by their Google account ID.

If you would like to get an idea of what is involved in being a good mentor, be sure to read the [http://write.flossmanuals.net/gsoc-mentoring/about-this-manual/ mentoring guide].

You will be subscribed to a mailing list to discuss ideas. We will also require you to read the proposals as they come in and you will be allowed to vote on the proposals, according to rules we will publish later.

Finally, know that we will never assign you to a project you do not want to work on. We will not assign you more projects than you can/want to take on either. And you will have a backup mentor, just in case something unforeseen takes place.

===Subscribing as mentor===
To subscribe as mentor, you need to complete a few easy steps.
* Contact the OWASP GSoC administrators to let them know which project you want to mentor for
* Log in to [https://summerofcode.withgoogle.com/ Google Summer of Code Program Site]
* Apply as a mentor for OWASP
* Subscribe to https://groups.google.com/d/forum/owasp-gsoc

'''The current list of GSOC 2018 Mentors are:'''
* Fabio Cerullo
* Kostas Papapanagiotou
* Spyros Gasteratos
* Bjoern Kimminich
* Timo Pagel
*Glenn ten Cate
*Riccardo Ten Cate
*Minhaz
*Ali Razmjo
*Abbas Naderi
*Abraham Aranguren
*Viyat Bhalodia
*Bharadwaj Machiraju
*Sean Auriti
*Sourav Badami Frank Rietta
*Ken Johnson
*Al Snow
*Simon Bennetts
*Rick Mitchell
*Ricardo Pereira
*Spyros Gasteratos

==Instructions for OWASP Project Leaders==
If you are an OWASP Project Leader, you may be contacted by developers in your project about an idea he wants to submit.
You should judge whether the idea being proposed coincides with the general goals for your OWASP Project. If you feel that is not the case, you should reply to your developer and suggest that he modify the proposal.
You do not need yourself to be a mentor, but we would like you to.

==Contact OWASP GSoC Admininstrators==
To reach the OWASP administrators for Summer of Code, please send an email to the GSOC Administrators below.

'''The GSOC 2018 Administrators are:'''

* Kostas Papapanagiotou (konstantinos@owasp.org)
* Claudia Casanovas (claudia.aviles-casanovas@owasp.org)
* Fabio Cerullo (fcerullo@owasp.org)

User:Al.snow

2018-02-22T14:44:54Z

Claudia casanovas: Creating user page for new user.

Long time contributer to GitHub repo OWASP RailsGoat project.
This project was a perfect cross-section of my past web development in Ruby-on-Rails and my new interest in infosec/cybersecurity.

I have attended local OWASP meeting for many years and have learned a lot about the web, open source security, prevention, and attacks.

Previously I focused on working on upstream components (OWASP Top Ten/A9) on Ruby-on-Rails projects.
* Fixing/monitoring security (cve)/static analysis issues,
* Upgrading Rails apps,
* Upgrading gems

User talk:Al.snow

2018-02-22T14:44:54Z

Claudia casanovas: Welcome!

User:Souravbadami

2018-02-15T15:10:46Z

Claudia casanovas: Creating user page for new user.

Open Source Contributor @oppia, @zulip, @duckduckgo. CodeSprint 2017 Student @OWASP . Past @RiteKit, @linkbynet. I love to create things which works and saves at least few minutes of someone's day. I'm not getting more content on the web to right here in this highlighted box. Please bare with me for the shit I've written here ;)

2018-02-12T23:11:29Z

Claudia casanovas: /* OWASP Project Requests */

=OWASP Project Requests=

'''Tips to get you started in no particular order: OWASP HAS BEEN SELECTED BY GOOGLE SUMMER CODE 2018!'''
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''
'''* Read the [[GSoC SAT]] '''
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]
* Contact us through the mailing list or irc channel.
* Check our [https://github.com/OWASP github organization]
==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.
===Active Scanning WebSockets===
'''Brief Explanation:'''

ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.

We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.

'''Expected Results:'''
* An plugable infrastructure that allows us to active scan websockets
* Converting the relevant existing scan rules to work with websockets
* Implementing new websocket specific scan rules

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== React Handling ===
'''Brief Explanation:'''

ZAP doesnt understand React applications as well as it should be able to.

It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.

'''Expected Results:'''
* ZAP able to explore React applications more effectively
* ZAP able to attack React applications more effectively

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== Automated authentication detection and configuration ===
'''Brief Explanation:'''

Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki>

This is time consuming and error prone.

Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.

'''Expected Results:'''
* Detect login and registration pages
* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible
* An option to completely automate the authentication process, for as many authentication mechanisms as possible

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== Zest Text Representation and Parser ===
'''Brief Explanation:'''

Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.

A standardized text representation and parser would be very useful and help its adoption.

'''Expected Results:'''
* A documented definition of a text representation for Zest
* A parser that converts the text representation into a working Zest script
* An option in the Zest java implementation to output Zest scripts text format

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== Develop Bamboo Addon ===
'''Brief Explanation:'''

It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]

For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].

'''Expected Results:'''

A Bamboo addon that supports:
* Spidering (using the traditional and Ajax spiders)
* Active Scanning
* Authentication

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== Your Idea ===
'''Brief Explanation:'''

ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.

'''Expected Results:'''
* A new feature that makes ZAP even better
* Code that conforms to our Development Rules and Guidelines

''' Getting started: '''

* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.
* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].

'''Knowledge Prerequisites:'''
* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

== OWASP Juice Shop ==

[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.

=== Challenge Pack 2018 ===

'''Brief Explanation:'''

Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.

Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.

'''Expected Results:'''
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])
* Each challenge comes with full functional unit and integration tests
* Each challenge is verified to be exploitable by corresponding end-to-end tests
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.

''' Getting started: '''
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.

'''Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator

=== Frontend Technology Update ===

'''Brief Explanation:'''

Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.

'''Expected Results:'''
* High-level target client-architecture overview including a migration plan with intermediary milestones
* Execution of migration without breaking functionality or losing tests along the way
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.

''' Getting started: '''
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services

'''Knowledge Prerequisites:'''
* Javascript, experience with latest Javascript frameworks for frontend, testing and building

'''Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator

=== UI/Graphics Design Update ===

'''Brief Explanation:'''

The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.

'''Expected Results:'''
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons
* Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way

''' Getting started: '''
* Get familiar with the existing HTML views and CSS of the frontend
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites

'''Knowledge Prerequisites:'''
* Strong web and graphic design experience
* Sophisticated HTML and CSS experience

'''Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator

=== Your idea ===

'''Brief Explanation:'''

You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!

''' Getting started '''
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]

'''Expected Results:'''
* A new feature that makes OWASP Juice Shop even better
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.

'''Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader

==OWASP Security Knowledge Framework - Chatbot machine learning feature==

=== Brief Explanation ===
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.

The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.

The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.

=== Expected Results ===
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.
# A Chatbot (using existing frameworks) to:
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.
## Based on enriched query fetch relevant information from knowledge base and return.
# An integration to some chat system like Gitter.im, IRC, Slack etc.

=== Knowledge Prerequisites ===
* Programming languages:
** OWASP-SKF API is build in Python 3.6/3.7
** OWASP-SKF Frontend is build with Angular 4 TS
* Machine learning enthusiastic/interest

=== Proposal from student ===
* We want to ask from the student to write a proposal on how to approach the problem we described.
'''Mentors''':

Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]

==OWASP Nettacker==
===Brief Explanation===
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.

if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).

===Getting started===

* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.

'''A Better Penetration Testing Automated Framework'''

===Expected Results===
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.

===Knowledge Prerequisites===

* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.
* Good knowledge of computer security (and penetration testing)
* Knowledge of OS (Linux, Windows, Mac...) and Services
* Familiar with IDS/IPS/Firewalls and ...
* To develop the API you should be familiar with HTTP, Database...

===Mentors===
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]

==OWASP OWTF==
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.
===OWASP OWTF - MiTM proxy interception and replay capabilities===
'''Brief Explanation:'''

The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).

The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible
*ability to intercept the transactions
*modify or replay transaction on the fly
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code
Bonus:
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)

*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)
*Create a browser instance and do the necessary login procedure
*Handle the browser for the URI
*When called to close the browser, do a clean logout and kill the browser instance.
'''Expected results:'''
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''
*CRITICAL: Excellent reliability
*Good performance
*Unit tests / Functional tests
*Good documentation
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.

'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders
===OWASP OWTF - Web interface enhancements===
'''Brief explanation:'''

The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.

For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF

'''Expected results:'''
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''
*'''CRITICAL''': Excellent reliability and performance.
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.

'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders
===OWASP OWTF - New plugin architecture===
'''Brief explanation:'''

The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.

This issue is documented in detail at https://github.com/owtf/owtf/issues/905.

For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF

'''Expected results:'''
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''
*CRITICAL: Excellent reliability
*Good performance
*Unit tests / Functional tests
*Good documentation

== OWASP CSRF Protector ==
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form.
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===
'''Brief explanation:'''

The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.

Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;

The goal of this project would be to:
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues]
'''Expected results:'''
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''
*'''CRITICAL''': Excellent reliability and performance.
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)

'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]

== OWASP Code Review Guide ==
===Brief Explanation:===

OWASP Code Review Guide is a technical book written for those responsible for code reviews (management, developers, security professionals). The primarily focus of this book has been divided into two main sections. Section one is why and how of code reviews and sections two is devoted to what vulnerabilities need to be to look for during a manual code review. While security scanners are improving every day the need for manual security code reviews still needs to have a prominent place in organizations SDLC (Secure development life cycle) that desires good secure code in production.

Check OWASP Code Review Guide [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project] for some reference;

===Needs:===
'''Techincal writers'''

===Expected Results:===
* Move work in pdf and Adobe InDesign to OWASP wiki. See OWASP Testing Guide
* Move work in pdf and Adobe InDesign to GitBook format
* Move work in pdf and Adobe InDesign to OWASP OWASP lulu eBook format

===Knowledge Prerequisite:===
Good techincal writting skills, Adode InDesign

===Proposals from student:===
* Proposal on different formats to use to help increase the awareness and use of the OWASP Code Review Guide
* Recommendations on how to use social applications to promote OWASP Code Review Guide to developers and IT management

'''Mentors:'''
* Gary Robinson [mailto:Gary.Robinson@owasp.org] - OWASP Code Review Guide Project Leader

* Larry Conklin [mailto:Larry.Conklin@owasp.org] Larry Conklin - OWASP Code Review Guide Project Leader