OWASP - User contributions [en]

Jakarta

2019-12-23T12:03:32Z

Yoseman:

[[image:OWASPidn1.jpg|center|500px]]
{{Chapter Template|chaptername=Jakarta|extra=The chapter leader is [mailto:ade.putra@owasp.org Ade Yoseman Putra]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-jakarta|emailarchives=http://lists.owasp.org/pipermail/owasp-jakarta}}
[[Category:OWASP Chapter]]
[[Category:Indonesia]]
[[Category:Asia/Pacific/Middle East]]

Bhinneka Tunggal Ika 
united we stand divided we fall 
OWASP Indonesia 

OWASP Indonesia now officially has meetup in jakarta and yogyakarta. Yogyakarta is very special for owasp indonesia. We are non-profit organization. We are pleasure and welcome to all Indonesian to join us and share the knowledge, skill, idea and related to make OWASP Jakarta Project are benefit to everybody. OWASP Jakarta Project as well are the pioneer project for Web Security Application. Any private sector want to contribute and sponsor are welcome.
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 
 Please Donate Our Chapter 
[[Image:Btn_donate_SM.gif|120px|link=https://www.regonline.com/builder/site/Default.aspx?EventID=1044369]] 
=='''Stay in contact:'''==
<center>
{| cellspacing="15"
|-
| [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/meetup-group-XxqLdaeY]]
| [[Image:Follow-us-on-twitter.png|175px|link=http://twitter.com/OwaspJakarta]]
| [[Image:Wa2.jpeg|175px|link=https://chat.whatsapp.com/invite/KVpddPbKCTj4ErVwljbUYg]]
| [[Image:Fb.png|175px|link=http://www.facebook.com/owaspid]]
| [[Image:Web.jpg|175px|link=http://www.OWASP.or.id]]
| [[Image:Tele.jpg|175px|link=https://t.me/joinchat/KiPz5hOjsLPxWQ6bYVJusQ]]
|}
</center>
== '''Stay Updated''' ==

=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[ http://lists.owasp.org/mailman/listinfo/owasp-jakarta join our milis]

For all new members and existing member please free to contribute to OWASP Jakarta Chapter and if you are commitment to help OWASP Jakarta please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Jakarta please to contact [mailto:ade.putra@owasp.org OWASP Admin]. We still open Recruitment to join with us. if you interested feel free for contact me.
 We are welcome to join our conversation. If any query don't hesitate to contact [mailto:ade.putra@owasp.org OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

'''NOTE: OWASP now promote for who want to become Official Members for Jakarta Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://www.owasp.or.id/2017/01/owasp-membership.html REGISTER]) OWASP Memberships'''

__NOTOC__

=English=

==NEWS==

==Events==
<meetup group="meetup-group-XxqLdaeY"/>

=== 2019 ===
Mentor for Google Summer Of Code 2019 [https://summerofcode.withgoogle.com/archive/2019/projects/5673600424607744/ Google Summer Of Code 2019]

==Past Security Events==

=== 2018 ===

OWASP Appsec Europe 2018 [https://appseceurope2018a.sched.com/ade.putra 2th-6th july 2018, UK] 

Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP TAIWAN SUMMIT 2018 ] Taipei, Taiwan 

Open Security Summit 2018 [https://open-security-summit.org/participant-remote/ade-yoseman/ @Remotely, Open Security Summit 2018 ] London, UK.

OWASP Sendai Chapter Meeting 2018, [https://owaspsendai.connpass.com/event/84885/ Sendai Japan] 27 th april 2018

Blackhat Asia Singapore 2018 Bussiness Hall [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 "TRENDS AND STRATEGIES FOR SECURING THE INTERNET OF THINGS"] 23 th March 2018

Blackhat Asia Singapore 2018 Arsenal [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 @Arsenal, Blackhat Asia Singapore 2018] 

=== 2017 ===

Codebali International Cyber Security Conference and Exhibitions 2017, [https://www.codebali.net/speaker FIRST-TC], 26-29 th September 2017

National Seminar of Research & Development Id-SIRTII/CC 2017, Hotel Grand Tjokro Bandung West Java Indonesia Theme : [http://riset.idsirtii.or.id/ Tren IOT & Mobile System] 27 July 2017

Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017 ] 11 - 13 July 2017

OWASP Summit 2017 London, England [Participants from OWASP Jakarta Chapter is [https://owaspsummit.org/Participants/remote/Ade-Yoseman-Putra.html Ade Yoseman],
[https://owaspsummit.org/Participants/remote/Petty-Meisari.html Petty Meisari] & 12-16 June 2017 

Blackhat Asia Singapore 2017 [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra @Arsenal, Blackhat Asia Singapore 2017] 30 - 31 March 2017 

=== 2016 ===
OWASP DAY KL 2016 Malaysia [https://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASPKL2016] 15 - 17 November 2016

==History==
On December 2016, [http://www.owasp.org/index.php/Ade_Yoseman_Putra Ade Yoseman reactive OWASP Indonesia]

==Project Volunteering==

OWASP Juice Shop UI v2.21.1 available in Indonesian language! 🇮🇩 (Preview: [[http://juice-shop-staging.herokuapp.com OWASP Juice Shop]]) download https://github.com/bkimminich/juice-shop/releases/tag/v2.21.1 

==Project On Progress==
Here the lists Project have been submit by OWASP JAKARTA Chapter Projects Members 
OWASP Jakarta Projects 

=== 2017 ===
[[OWASP_SecureTea_Project|OWASP SecureTea Project]] 

=== 2019 ===
[[Risk Assessment Framework|Risk Assessment Framework]] 

==Sponsoring==
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Indonesia. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] to talk about the following sponsoring possibilities.

Chapter Supporter 
Single Meeting Supporter 
Facility Sponsor 
Organization Supporters (allocating 40% of your annual donation to our Chapter) 

=='''Local Chapter Supporter'''==
'''
==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Indonesia chapter meetings: 

[[Image:mozid.jpg‎|200px||link=http://www.mozilla.or.id/ |alt=Mozzilla Indonesia]]
==Corporate Sponsors==

[[Image:Rumahweb.png‎|200px||link=https://www.rumahweb.com/ |alt=Rumah Web]]
[[Image:F5.png‎|200px||link=https://www.f5.com/ |alt=f5 Networks]]
[[Image:Bank_btpn.jpg‎|200px||link=https://www.btpn.com/ |alt=Bank BTPN]]
[[Image:FASPAY.png|200px||link=https://www.faspay.co.id/ |alt=Faspay PT. Media Indonusa]]
[[Image:Bankmandiri.png|200px||link=https://www.bankmandiri.co.id/ |alt=Bank Mandiri]]
[[Image:Logo-Bukalapak.png|200px||link=https://www.bukalapak.com/|alt=BUKALAPAK]]
[[Image:Logo-codemargonda (1).png|200px||link=https://www.codemargonda.com/|alt=Codemargonda]]
==Government Agency==

== Community ==
[[Image:Ncsd.PNG|200px||link=https://ncsd.or.id/|alt=National Cyber Security Defence ]]
[[Image:Bsidesid.png‎|200px||link=http://www.securitybsides.com/w/page/118994457/BSidesIndonesia/ |alt=BSidesIndonesia]]

=Meetup=
see our Meetup https://www.meetup.com/OWASP-Jakarta-Chapter/
==Next Meetup==

We Are Currently seeking venue and sponsorship for owasp monthly meetup. if your company interested support us please email us : indonesia2018@owasp.org 
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 

'''OWASP Jakarta Night Q4 2018 @Bukalapak.com'''

When: 28th November 2018 

From 17:00 pm - 22:00 pm 

venue : 
Bukalapak Engineering Office, Jalan Ampera Raya, RT.5/RW.10, Ragunan, South Jakarta City, Jakarta Indonesia
 

Sesi ini akan mendiskusikan tentang : 
1. Keynote speech by Badan Siber Sandi Negara / BSSN (Tbc) 
2. Security Championing by Vandy Putrandika 
3. Novice to expert in Deep Learning and why it's necessary? by rohit parab 
4. An architectural approach for decentralized applications by Ayodya Dewangga S R 

'''Event Program:''' 
17:00pm -18:00 pm - Arrival Participant & Registration 
18.00p.m - 18.30p.m - Keynote speech - Badan Siber Sandi Negara / BSSN (Tbc) 
18:30 pm – 19:15 p.m - Speech by Vandy Putrandika 
19.15 p.m - 19.45 p.m - Speech including Q & A by Rohit Parab 
20.45 p.m - 21.45 p.m - Speech including Q & A by Ayodya 
21:45 p.m - 22.00 pm - Networking Session /Photo Together 

This Meetup provide free Snack & food 

Sponsored by Bukalapak.com 

'''Topic: Security Championing''' 
Abstract: 

Resource, visibility and advocacy are always the main problems for the information security team in any company. Time and head count will always be scarce for the mandated scope of work. For a security bug, we might have to check all corners, rather than someone telling it to us. And no one actually thinks that infosec guys are the hero, right? 

Security championing model tries to be the silver bullet for all those, especially in companies who want to incorporate DevSecOps. Yet, the implementation is not without obstacle. It may even introduce new problems along the way. 

End of the talk one would be able to understand 

1. What is security championing? 
2. Who should implement security champion model and when is the best time? 
3. Where we can find and evangelize these security champions?
 
Bio:
 
'''Vandy Putrandika''' 
Vandy is a security, governance and project management generalist who is passionate about digital strategy and transformation. Currently he works at Bukalapak as the Head of Information Security and managing the super-awesome security team inside while juggling with several security programs.
 

Topic : 
'''An architectural approach for decentralized applications'''

1. Understanding web 2.0 and web 3.0 
2. The pros and cons of web 3.0 
3. What are decentralized applications? 
4. What are the benefits of decentralized application? 
5. How to build a decentralized application? 
6. How to secure decentralized application? 

'''Ayodya Dewangga S R'''

1. E-Channel Product Development Risk Officer at PT Bank Mandiri (Persero) Tbk 
2. Chief Information Security Officer at PT Dekodr Solusi Digital Indonesia 
3. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
4. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Rohit Parab '''

'''Title - Novice to expert in Deep Learning and why it's necessary?
'''
Bio - Co-Founder & CEO at Praemineo, Inc (The Artificial Intelligence Company). Almost a decade of solid hands-on experience in full life-cycle software development. Built applications in as varied as Desktop, Web and now in AI. Experienced in building high performance teams for high output in quicktime. A UX person. Strongly believes that a complete code should not just work, but also be clean and maintainable. An Artificial Intelligence enthusiast. 

Abstract - In brief, I will be sharing how someone can 

1. Get started with Deep Learning. 
2. What are the basic requirements. 
3. Online free resources. 
4. How much of math is required. 
5. What is the current state of Deep Learning and its effects on future. 

==Past Meetup==

'''OWASP JAKARTA NIGHT Q4 2018 '''

When: 22th October 2018 

From 17:00 pm - 22:00 pm 

venue : 

Plaza Mandiri Auditorium lantai 3 
Jl jendral gatot subroto Kav. 36-38 Jakarta 12190, Indonesia 

This Meetup provide free drink & food 

Sponsored by Bank Mandiri 

'''Talk''' 
1. How to protecting critical infrastructure national (Study case: asian games 2018) by Yusuf Hadiwinata Sutandar 

2. Security Engineering by Semi Yulianto 

Abstract: 
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. 

Topics: 
- Security Objectives 
- Security Design Guidelines 
- Security Modeling 
- Security Architecture and Design Review 
- Security Code Review 
- Security Testing 
- Security Tuning 
- Security Deployment Review 

These activities are designed to help meet security objectives in the software life cycle. 
Sesi ini including : 
Demo: Threat Modeling, Secure Code Review & Dynamic Analysis 

Short bio : 
Semi Yulianto 
BSc. (Accounting), M.IT (IT Security & Governance) 
Doctor in IT, Student at Graduate School of University of the East (Manila, Philippines)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND,
CEI, SSCP, CISSP, CSSLP, CISA, CISM, CySA+, CASP, OSSA, CASE Java.
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia). 

Information Security Interim Consultant / Subject Matter Expert (SME) at PT. Trinusa Travelindo (Traveloka). 

Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer 

More than 20 years working experience in the IT industry with experiences in the area of
Application and Software Development (Database and Management), Operating Systems,
Server Systems, Messaging and Collaboration, Inter-networking, Network Infrastructure,
Desktop Support and Application (Secure Programming & SDL) and Network Security. Has
trained IT Professionals from diverse organizations in Asia Pacific, Middle East and Africa
region namely Indonesia, Malaysia, Singapore, Thailand, Bhutan, Cambodia, Philippines, Saudi
Arabia/KSA, Tunisia, Morocco & South Korea. Proven track of records in delivering High
Quality IT training with very good to excellent feedback ratings (full clients’ satisfaction).
Deep knowledge and excellent skills on Vulnerability Assessment, Ethical Hacking,
Penetration Testing, IT Audit and Computer Forensics with combination of Technical and
Management expertise. Interested in Exploit Writing, Malware Analysis, Forensics on Moving
Data, and Cloud Computing Security. 
Mission: 'To create Awareness and Educate People in Information Systems Security' 

3. DevSecOps Automation: Speedup software delivery with security in mind by Denny 

Desc: 
Integrating SAST and DAST into SDLC (CI/CD) to quickly find potential security problem in both code and runtime, without sacrificing delivery time.
Focusing on the speed on deliveries and creating secure by default software,
 

Bio: 

Denny began his IT career as a software developer, have 5 years experience in developing application on various platform and it was a great advantage to jump into application security as a professional penetration tester for almost 5 years. Now working for Vantage Point Security as a Senior Application Security Consultant, focusing in Security Testing Integration into SDLC process. 

• Event Program: 
18.00 p.m - 18.30 p.m - Arrival Participant & Registration 
18:30 pm – 18:45 p.m - Speech by Nadira Bajrei from Bank Mandiri 
18.45p.m - 19.30 p.m - Speech including Q & A by Denny 
19.30 p.m - 20.30 p.m - Speech including Q & A by Yusuf Hadiwinata Sutandar 
20.30 p.m - 21.30 p.m - Speech including Q & A by Semi Yulianto 
21:30 p.m - 22.00 pm - photo together / networking Session 

OWASP Indonesia Online Session Talk 
Title: Strengthen and Scale security using DevSecOps([[Media:Devsecops-owasp-indonesia.pdf|PDF]]) 
Thursday, October 4, 2018 
1:00 PM to 2:00 PM 

Register : https://www.meetup.com/meetup-group-XxqLdaeY/events/255089357/ 
Speaker Bio 

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He is also the author of OWASP DevSecOps Studio, OWASP DevSlop and Awesome-Fuzzing projects. 

He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking/training in conferences like Blackhat, OWASP AppSec, DevSecCon, PyCon, NullCon, All Day DevOps, Null and OWASP chapters. 

'''OWASP JAKARTA NIGHT Q3 2018 '''
Sesi ini akan mendiskusikan tentang : 
'''
Web Application by Design with OWASP''' 

Pembicara 
1. First Step to Web Application ISO27001 vs PCIDSS VS OWASP TOP 10 by Elias (Head of System Development Faspay) ([[Media:OWASPNightFaspay.pdf|PDF]]) 
2. Building a tailored AppSec Program using OpenSAMM by Suman Sourav & Tuyen Do 

'''Abstract: Building a tailored AppSec Program using OpenSAMM''' 
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices 
• Building a balanced software security program in well-defined iterations 
• Demonstrating concrete improvements to a security assurance program 
• Defining and measuring security-related activities within an organization 
 
This session is focused on the practical implementation of an AppSec Program based on your organization needs and business risk appetite. Most of the AppSec program fails because of lack of programmatic approach and strategic rollout. Participants will learn about an importance of a Security Program Management, how it solves people, process and technologies challenges in implementing an AppSec program, driving results and metrics relevant to the different stakeholders. 

Speaker Bio:
 
Suman is a Certified Secure Software Lifecycle Professional (CSSLP) having more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds a unified approach to deal with the root cause of software security problems. Currently he is working with Vantage Point Security as a Regional Program Director for Vantage Point Security and helping clients in SEA region to implement application security program.
 
Tuyen is an experienced Security Programme Manager, highly strategic, analytical and performance driven professional with 7+ years of blended experience in managing strategic programs /initiatives within banking & financial, and information technology sectors. Dynamic, versatile, hands-on Program Leader who leads teams to design & implement successful projects/programs that align business objectives and deliver rapid results, within timelines, budgets, and as per specifications.
 

Catatan :
 
peserta tidak perlu membawa laptop acara ini free for everyone 

Acara ini akan diadakan pada: 27th September 2018 

From 18:00 pm - 22:00 pm 

[https://www.meetup.com/meetup-group-XxqLdaeY/events/254502146/?_xtd=gatlbWFpbF9jbGlja9oAJDM1ODIxOTk5LTZlNmYtNDA0Ny05ZDZlLThiYmYzNzQzNTgyZA&_af=event&_af_eid=254502146 REGISTER HERE]

venue : 
Faspay Working Space 
Jakarta Pusat 
'''OWASP Jakarta Night #2'''

When 
19:00 - 22:00 
Tue, Aug 7, 2018 

Where 
Venue: 
Marque at Cyber 2 Tower, 
Jl. H. R. Rasuna Said Blok X-5 Cyber 2 Tower 17th Floor, RT.7/RW.2, Kuningan Timur, Jakarta, Kota Jakarta Selatan, 12950, Indonesia 

[https://www.eventbrite.com/e/owasp-jakarta-night-2-tickets-48230657194 Registration in here] 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader , Ade Yoseman Putra 
19.15p.m - 19.30 p.m - Speech including Q & A OWASP Indonesia Co Chapter Leader by Suman Sourav 
19.30 p.m - 20.30 p.m - Speech including Q & A by David Holmes 
20.30 p.m - 21.30 p.m - Speech including Q & A by Harley Davidson Karel ([[Media:Owasp_Jakarta_Night_-2.pdf|PDF]]) 
21:30 p.m - 22.00 pm - photo together/networking session 

Topic:

'''Hybrid Cloud Security'''

Hybrid Cloud Security continues to be relevant topic. David Holmes ( Global Security Evangelist for F5 Networks) will detail F5’s experience assisting a Fortune 10 company overcome some of their security challenges in moving to a multi-cloud architecture. His presentation will also include a look at some new F5 technologies that secure and containerize application traffic.
 
Mr. Holmes is a 17-year veteran of F5 and has met with banking and finance, government, and private enterprise security teams all over the world so he usually has the measure of who is doing what and where. This is an excellent opportunity to pick his brain about architecture, industry trends, or any other security topic that is top of mind. 

More about David Holmes: 

Based in Asia Pacific, David Holmes is the Global Security Evangelist for F5 Networks. In this role, Holmes is spokesman, researcher and evangelist for F5’s threat intelligence division, with an emphasis on cryptography, distributed denial of service attacks, and the Internet of Things. He speaks at conferences such as RSA, InfoSec and Gartner Data Center.

Holmes authors white papers on security topics such as global cryptography trends and modern DDoS threat spectrum. He has also written for industry magazines such as the SCMagazine and Network World. These days,he writes regularly about vulnerabilities, technical solutions and the security industry for SecurityWeek.com and F5 Labs.

He joined F5 Networks in 2001, and, as a Principal Software Engineer, where he designed many of the system and core security features. Holmes has 20 years of experience in security and product engineering.

Prior to F5, Holmes was a Vice President of Engineering at Dvorak Development (in Boulder, CO) and a Senior Software Engineer (Security) at CyberSafe, Inc.

Holmes majored in Computer Science and Engineering Physics at the University of Colorado at Boulder. For public speaking, Holmes has a Competent Communicator award from Toastmasters International and other public speaking awards.
 

Many thanks to F5 for their sponsorship.
 

Harley Davidson Karel 

'''Topic : Static Analysis Security Testing (SAST) using open source
'''
 
Topic Extract : 

Find security issues on development stage using open source static analysis security testing (SAST), so that developer will be able to identify security issues on earlier stage of software development life cycle, rather than waiting for penetration testing stage. 

SAST demo will be conducted with command line interface usage, IDE integration, & Jenkins integration. The demo will scan and found security issues on several programming language such as Java, python, & ruby 

Bio: 

Harley Davidson Karel is working as Associate Application Security Consultant at Vantage Point Security Indonesia. He is EC-Council Certified and well trained in working in application security activities that help organisations to put security aspect in every stage of software development life cycle. He has been selected as a speaker for PyConMY 2018 Kuala Lumpur, PyConES 2018 Malaga Spain, GrillRB 2018 Wroclaw Poland.
 

 

'''OWASP Indonesia Q1 Meetup 2018'''

[[File:Owaspidq12018.jpeg|400px|center]]
==== Talks ====
 '''Reduce the Risk of a Data Breach with Open Source INTelligence (OSINT)''' 
by Ayodya (Security Engineer at Bukalapak) 
 '''Building Appsec Pipeline''' by Suman Sourav 
 '''OWASP Top 10 Mobile Application Vulnerability''' 
by Williams 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader 
19.15p.m - 20.00 p.m - Speech including Q & A by Suman Sourav 
20.00 p.m - 20.45 p.m - Speech including Q & A by Ayodya 
20.45 p.m - 21.30 p.m - Speech including Q & A by william 
==== Speakers ====

'''Ayodya'''

[[File:Ayodya.jpg|200px]] 
1. Security Engineer at Bukalapak 
2. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
3. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Williams'''

'''Suman Sourav'''
 Building Appsec Pipeline 

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE 

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. 

19:00 - 22:00 
Thursday, March 29, 2018 
Register :[closed] 
venue : 
[[File:Btpn.png|left]] 
Bank BTPN. Menara BTPN, 27 th floor - CBD Mega Kuningan Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950 

OWASP Jakarta Q4 2017 Meetup 
[[File:Owaspmeetupbtpn.jpg|400px|center]] 

19:00 - 22:00 
Tue, Nov 21, 2017 

BANK BTPN 
Menara BTPN - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950
 
OWASP Jakarta Q4 2017 Meetup 

Menara BTPN, 27 th floor - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 
Jakarta 12950 
Theme : Application Security in Owasp top 10 2017 
When : 
at Q1 21th november 2017 
From 19:00 pm - 22:00 pm 

[https://www.eventbrite.com/e/owasp-jakarta-q4-2017-meetup-tickets-39109060252 CLOSED] 
==== Talks ====

* '''Secure coding practices with golang''' ([[Media:Owasp-171123063052.pdf|PDF]]) by sulhaedir (IT Security Spesialis at Tokopedia) 
* '''OWASP Risk Rating Management Project'''([[Media:Riskratingmanagement-170615172835.pdf |PDF]]) by M febri 

==== Speakers ====

'''sulhaedir'''

[[File:Sulhaedir.jpg|200px]]

Sulhaedir have 6 years experience in information security. he work as security specialist at TOKOPEDIA. he also Security research in nemosecurity 
 
'''M.Febri''' 

[[File:Febri.jpg|200px]] 

he work as Security Consultant at Visionet. 

Thanks for sponsor this meetup 
{{MemberLinks|link=https://www.btpn.com/ |logo=Bank_btpn.jpg }}

 
'''Workshop OWASP at "Sofware Freedom Day 2017"''' 
[[File:Sofware freedom day 2017.jpg|200px]] 

 workshop with KSL UBL "improving Security Attack and Defense with OWASP" 

when : Sat, September 16, 08:00 – 15:00 pm 
Auditorium Universitas Budi Luhur, Jl. Ciledug Raya No.126, RT.1/RW.2, Petukangan Utara, Pesanggrahan, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12260, Indonesia 
'''OWASP Indonesia Day 2017'''
[[File:Owaspdayid1.jpeg|center]]
 when Developers, startups, hackers will meet..
just visit us @ OWASP Indonesia Day 2017 
Yogyakarta, 09 th september 2017 
 https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 

if you interested sponsor our events just contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] 

'''OWASP Jakarta Tech Day Meetup 2017'''
[[File:Owaspmeetup2.jpg|left|frameless]]
OWASP Jakarta succesfully host meetup on May 2017

with Theme: "How Secure Ecommerce"

Date: 14 May 2017 02 pm to 05 pm (GMT+7 Jakarta)

Venue: PTC Pulogadung Trade Centre Ballroom 2nd Floor

Jalan Raya Bekasi, RW.3, Rw. Terate, Cakung, Kota Jakarta Timur, DKI Jakarta 13920

Google Maps :

https://goo.gl/maps/gmZnSofLvEF2

==== Talks ====
* '''Turning Legal Website into DDoS Tool''' by Kalpin Erlangga (Indonesia Honeynet Project) ([[Media:IHP-OWASP-Kalpin-Presentation_-_Template-OWASP-Final.pdf|PDF]]) .
* '''The Art of phishing, and how to save yourself''' by Oliver Valentino (Security analyst [http://www.bukalapak.com BUKALAPAK]) ([[Media:OWASP_presentation_-Oliver_Valentino_-.pdf|PDF]]) 
* '''Trend Defacement On Indonesia E-Commerce Website''' by Achmad Syafaat (ID-SIRTII/CC) 
* '''Client Side Security And Testing Tools''' by David Cervigni ( [https://mindedsecurity.com/index.php/about-us/company Minded Security]) ([[Media:OWASP_presentation_jkt2017.pdf|PDF]])
* ''' Hacking as a Livestyle''' Matias Prasodjo(Dracos) ([[Media:Hacking_Live_Style_-_OWASP_Jakarta.pdf|PDF]]) 

==== Speakers ====
==== '''Kalpin Erlangga Silaen''' ====

[[File:Kelpin2.jpg]]

Kalpin Erlangga Silaen is a senior security consultant with experience more than 15 years in IT. He is a graduate of the Master of Computer in Faculty of Engineering and IT at Swiss German University. He was first winner as a team at Cyber Defense Competition, Ministry of Defense of Indonesia on 2013

(Jakarta) and 2014 (Surabaya). He has experience as security penetration tester for various industry such as telecommunication, banking, finance, and government for more than 7 years. His interests includes network and cloud security

'''Oliver Valentino'''

Oliver Valentino is a tech evangelist and security enthusiast. Currently work as a security analyst at [http://www.bukalapak.com bukalapak]. Got his bachelor degree from Universitas Advent Indonesia Bandung

'''David Cervigni'''

[[File:Dvd.jpg]]

David Cervigni is a Senior Security Consultant of the [https://mindedsecurity.com/index.php/about-us/company Minded Security] consultants team. He has a strong experience in collaborating closely with developer teams to securing SDLC and DevOps systems. His specialties include secure coding training, vulnerability assessment, manual and automated code review solutions, critical software design and compliance. His experience maturated mostly in the financial sector and in the biggest institutions across Swiss and UK markets. He holds a master's degree in computer science from the University of Camerino.

'''Achmad Syafaat'''

'''Matias Prasodjo'''

Matias Prasodjo is Vice Leader [https://dracos-linux.org/ DracOs Linux Team]. he is Subject Matter Expert Security and System at PT Lintas Teknologi Indonesia.

==Past Meetup==
OWASP Indonesia Meetup I 2017 on March 4 th, 2017 
See More [https://www.owasp.org/index.php/OWASP_Indonesia_Meetup_I_2017 OWASP Indonesia Meetup I 2017 on March 4 th, 2017]

=Bahasa=

OWASP Indonesia adalah sebuah salah satu cabang dari Yayasan OWASP di belahan dunia. Yayasan OWASP adalah terbuka dan organisasi non profit.Kami membuka kesempatan kepada orang indonesia untuk bergabung serta berkontribusi pada OWASP Indonesia (Jakarta) Chapter.

Apa Yang Bisa anda kontribusi kan pada Yayasan OWASP
===OWASP Indonesia Chapter===
1. Anda bisa menyediakan Tempat untuk Agenda kami 
2. Anda bisa menjadi Speaker & Trainer dalam setiap Event kami 
3. Anda bisa menjadi University Supporter Kami 
4. Anda bisa menjadi Donatur kami 
5. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) 

===OWASP Foundation===
1. Anda bisa menjadi Speaker & Trainer dalam setiap Event Yayasan OWASP di seluruh dunia 
2. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) pada Yayasan OWASP Global 

how to register OWASP membership, berikut saya sudah jelaskan step by stepnya di [http://www.owasp.or.id/2017/01/owasp-membership.html web owasp.or.id]

==Berita==

Kami mencari volunteer untuk penerjemahan OWASP 2013 Top Ten dari Bahasa Inggris ke dalam Bahasa. Saat Ini sedang dalam pengerjaan / On Progress.
Silahkan bergabung dengan tim kami [https://www.owasp.org/index.php/OWASP_Top_10_2013_-_Bahasa_Indonesia tim penerjamah OWASP 2013 Top 10-Bahasa]

=Our Chapter Leadership=

{| class="wikitable"
|-
! scope="col" style="width: 20%; font: bold;" |''' Chapter Leadership Board Member Role'''
! scope="col" |Responsibilities
! scope="col" |Person(s)
|-
|Chapter Leader / Chairman
|The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair.
|Ade Yoseman Putra

|-
|Sponsor Coordinator
|Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, and other events.
|Hilman Aditya

|-
|Speaker and Special Event Coordinator
|Seeks and schedules speakers for monthly Chapter meetings and other events.
|Dewo Nur Satrio
|-

|Conference/Event/Meetup Coordinator
|Coordinates all of the efforts for the annual OWASP Indonesia Day, OWASP Jakarta Night & all OWASP Jakarta Events.
|Eka Syahfitri
|-
|PR/Marketing Coordinator/Designer Grafis
|Provides marketing of OWASP Indonesia Day and other Chapter events.
|Muhamad Iqbal Dewanto

|-
|Equipment Committee
|Equipment Committee for OWASP Meetup
|Bima

|-
|Volunteer
|Volunteer Lists
|Achmad Syafaat, Gumux Hijack, Ali Kaharu

|-
|Finance
|The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals.
The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader.
|

|-
|Advisory Board Members
|Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success.
|

|}

<headertabs></headertabs>

Jakarta

2019-12-23T11:53:36Z

Yoseman:

[[image:OWASPidn1.jpg|center|500px]]
{{Chapter Template|chaptername=Jakarta|extra=The chapter leader is [mailto:ade.putra@owasp.org Ade Yoseman Putra]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-jakarta|emailarchives=http://lists.owasp.org/pipermail/owasp-jakarta}}
[[Category:OWASP Chapter]]
[[Category:Indonesia]]
[[Category:Asia/Pacific/Middle East]]

Bhinneka Tunggal Ika 
united we stand divided we fall 
OWASP Indonesia 

OWASP Indonesia now officially has meetup in jakarta and yogyakarta. Yogyakarta is very special for owasp indonesia. We are non-profit organization. We are pleasure and welcome to all Indonesian to join us and share the knowledge, skill, idea and related to make OWASP Jakarta Project are benefit to everybody. OWASP Jakarta Project as well are the pioneer project for Web Security Application. Any private sector want to contribute and sponsor are welcome.
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 
 Please Donate Our Chapter 
[[Image:Btn_donate_SM.gif|120px|link=https://www.regonline.com/builder/site/Default.aspx?EventID=1044369]] 
=='''Stay in contact:'''==
<center>
{| cellspacing="15"
|-
| [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/meetup-group-XxqLdaeY]]
| [[Image:Follow-us-on-twitter.png|175px|link=http://twitter.com/OwaspJakarta]]
| [[Image:Wa2.jpeg|175px|link=https://chat.whatsapp.com/invite/KVpddPbKCTj4ErVwljbUYg]]
| [[Image:Fb.png|175px|link=http://www.facebook.com/owaspid]]
| [[Image:Web.jpg|175px|link=http://www.OWASP.or.id]]
| [[Image:Tele.jpg|175px|link=https://t.me/joinchat/KiPz5hOjsLPxWQ6bYVJusQ]]
|}
</center>
== '''Stay Updated''' ==

=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[ http://lists.owasp.org/mailman/listinfo/owasp-jakarta join our milis]

For all new members and existing member please free to contribute to OWASP Jakarta Chapter and if you are commitment to help OWASP Jakarta please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Jakarta please to contact [mailto:ade.putra@owasp.org OWASP Admin]. We still open Recruitment to join with us. if you interested feel free for contact me.
 We are welcome to join our conversation. If any query don't hesitate to contact [mailto:ade.putra@owasp.org OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

'''NOTE: OWASP now promote for who want to become Official Members for Jakarta Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://www.owasp.or.id/2017/01/owasp-membership.html REGISTER]) OWASP Memberships'''

__NOTOC__

=English=

==NEWS==

==Events==
<meetup group="meetup-group-XxqLdaeY"/>

=== 2019 ===
Mentor for Google Summer Of Code 2019 [https://summerofcode.withgoogle.com/archive/2019/projects/5673600424607744/]

==Past Security Events==

=== 2018 ===

OWASP Appsec Europe 2018 [https://appseceurope2018a.sched.com/ade.putra 2th-6th july 2018, UK] 

Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP TAIWAN SUMMIT 2018 ] Taipei, Taiwan 

Open Security Summit 2018 [https://open-security-summit.org/participant-remote/ade-yoseman/ @Remotely, Open Security Summit 2018 ] London, UK.

OWASP Sendai Chapter Meeting 2018, [https://owaspsendai.connpass.com/event/84885/ Sendai Japan] 27 th april 2018

Blackhat Asia Singapore 2018 Bussiness Hall [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 "TRENDS AND STRATEGIES FOR SECURING THE INTERNET OF THINGS"] 23 th March 2018

Blackhat Asia Singapore 2018 Arsenal [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 @Arsenal, Blackhat Asia Singapore 2018] 

=== 2017 ===

Codebali International Cyber Security Conference and Exhibitions 2017, [https://www.codebali.net/speaker FIRST-TC], 26-29 th September 2017

National Seminar of Research & Development Id-SIRTII/CC 2017, Hotel Grand Tjokro Bandung West Java Indonesia Theme : [http://riset.idsirtii.or.id/ Tren IOT & Mobile System] 27 July 2017

Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017 ] 11 - 13 July 2017

OWASP Summit 2017 London, England [Participants from OWASP Jakarta Chapter is [https://owaspsummit.org/Participants/remote/Ade-Yoseman-Putra.html Ade Yoseman],
[https://owaspsummit.org/Participants/remote/Petty-Meisari.html Petty Meisari] & 12-16 June 2017 

Blackhat Asia Singapore 2017 [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra @Arsenal, Blackhat Asia Singapore 2017] 30 - 31 March 2017 

=== 2016 ===
OWASP DAY KL 2016 Malaysia [https://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASPKL2016] 15 - 17 November 2016

==History==
On December 2016, [http://www.owasp.org/index.php/Ade_Yoseman_Putra Ade Yoseman reactive OWASP Indonesia]

==Project Volunteering==

OWASP Juice Shop UI v2.21.1 available in Indonesian language! 🇮🇩 (Preview: [[http://juice-shop-staging.herokuapp.com OWASP Juice Shop]]) download https://github.com/bkimminich/juice-shop/releases/tag/v2.21.1 

==Project On Progress==
Here the lists Project have been submit by OWASP JAKARTA Chapter Projects Members 
OWASP Jakarta Projects 

=== 2017 ===
[[OWASP_SecureTea_Project|OWASP SecureTea Project]] 

=== 2019 ===
[[Risk Assessment Framework|Risk Assessment Framework]] 

==Sponsoring==
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Indonesia. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] to talk about the following sponsoring possibilities.

Chapter Supporter 
Single Meeting Supporter 
Facility Sponsor 
Organization Supporters (allocating 40% of your annual donation to our Chapter) 

=='''Local Chapter Supporter'''==
'''
==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Indonesia chapter meetings: 

[[Image:mozid.jpg‎|200px||link=http://www.mozilla.or.id/ |alt=Mozzilla Indonesia]]
==Corporate Sponsors==

[[Image:Rumahweb.png‎|200px||link=https://www.rumahweb.com/ |alt=Rumah Web]]
[[Image:F5.png‎|200px||link=https://www.f5.com/ |alt=f5 Networks]]
[[Image:Bank_btpn.jpg‎|200px||link=https://www.btpn.com/ |alt=Bank BTPN]]
[[Image:FASPAY.png|200px||link=https://www.faspay.co.id/ |alt=Faspay PT. Media Indonusa]]
[[Image:Bankmandiri.png|200px||link=https://www.bankmandiri.co.id/ |alt=Bank Mandiri]]
[[Image:Logo-Bukalapak.png|200px||link=https://www.bukalapak.com/|alt=BUKALAPAK]]
[[Image:Logo-codemargonda (1).png|200px||link=https://www.codemargonda.com/|alt=Codemargonda]]
==Government Agency==

== Community ==
[[Image:Ncsd.PNG|200px||link=https://ncsd.or.id/|alt=National Cyber Security Defence ]]
[[Image:Bsidesid.png‎|200px||link=http://www.securitybsides.com/w/page/118994457/BSidesIndonesia/ |alt=BSidesIndonesia]]

=Meetup=
see our Meetup https://www.meetup.com/OWASP-Jakarta-Chapter/
==Next Meetup==

We Are Currently seeking venue and sponsorship for owasp monthly meetup. if your company interested support us please email us : indonesia2018@owasp.org 
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 

'''OWASP Jakarta Night Q4 2018 @Bukalapak.com'''

When: 28th November 2018 

From 17:00 pm - 22:00 pm 

venue : 
Bukalapak Engineering Office, Jalan Ampera Raya, RT.5/RW.10, Ragunan, South Jakarta City, Jakarta Indonesia
 

Sesi ini akan mendiskusikan tentang : 
1. Keynote speech by Badan Siber Sandi Negara / BSSN (Tbc) 
2. Security Championing by Vandy Putrandika 
3. Novice to expert in Deep Learning and why it's necessary? by rohit parab 
4. An architectural approach for decentralized applications by Ayodya Dewangga S R 

'''Event Program:''' 
17:00pm -18:00 pm - Arrival Participant & Registration 
18.00p.m - 18.30p.m - Keynote speech - Badan Siber Sandi Negara / BSSN (Tbc) 
18:30 pm – 19:15 p.m - Speech by Vandy Putrandika 
19.15 p.m - 19.45 p.m - Speech including Q & A by Rohit Parab 
20.45 p.m - 21.45 p.m - Speech including Q & A by Ayodya 
21:45 p.m - 22.00 pm - Networking Session /Photo Together 

This Meetup provide free Snack & food 

Sponsored by Bukalapak.com 

'''Topic: Security Championing''' 
Abstract: 

Resource, visibility and advocacy are always the main problems for the information security team in any company. Time and head count will always be scarce for the mandated scope of work. For a security bug, we might have to check all corners, rather than someone telling it to us. And no one actually thinks that infosec guys are the hero, right? 

Security championing model tries to be the silver bullet for all those, especially in companies who want to incorporate DevSecOps. Yet, the implementation is not without obstacle. It may even introduce new problems along the way. 

End of the talk one would be able to understand 

1. What is security championing? 
2. Who should implement security champion model and when is the best time? 
3. Where we can find and evangelize these security champions?
 
Bio:
 
'''Vandy Putrandika''' 
Vandy is a security, governance and project management generalist who is passionate about digital strategy and transformation. Currently he works at Bukalapak as the Head of Information Security and managing the super-awesome security team inside while juggling with several security programs.
 

Topic : 
'''An architectural approach for decentralized applications'''

1. Understanding web 2.0 and web 3.0 
2. The pros and cons of web 3.0 
3. What are decentralized applications? 
4. What are the benefits of decentralized application? 
5. How to build a decentralized application? 
6. How to secure decentralized application? 

'''Ayodya Dewangga S R'''

1. E-Channel Product Development Risk Officer at PT Bank Mandiri (Persero) Tbk 
2. Chief Information Security Officer at PT Dekodr Solusi Digital Indonesia 
3. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
4. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Rohit Parab '''

'''Title - Novice to expert in Deep Learning and why it's necessary?
'''
Bio - Co-Founder & CEO at Praemineo, Inc (The Artificial Intelligence Company). Almost a decade of solid hands-on experience in full life-cycle software development. Built applications in as varied as Desktop, Web and now in AI. Experienced in building high performance teams for high output in quicktime. A UX person. Strongly believes that a complete code should not just work, but also be clean and maintainable. An Artificial Intelligence enthusiast. 

Abstract - In brief, I will be sharing how someone can 

1. Get started with Deep Learning. 
2. What are the basic requirements. 
3. Online free resources. 
4. How much of math is required. 
5. What is the current state of Deep Learning and its effects on future. 

==Past Meetup==

'''OWASP JAKARTA NIGHT Q4 2018 '''

When: 22th October 2018 

From 17:00 pm - 22:00 pm 

venue : 

Plaza Mandiri Auditorium lantai 3 
Jl jendral gatot subroto Kav. 36-38 Jakarta 12190, Indonesia 

This Meetup provide free drink & food 

Sponsored by Bank Mandiri 

'''Talk''' 
1. How to protecting critical infrastructure national (Study case: asian games 2018) by Yusuf Hadiwinata Sutandar 

2. Security Engineering by Semi Yulianto 

Abstract: 
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. 

Topics: 
- Security Objectives 
- Security Design Guidelines 
- Security Modeling 
- Security Architecture and Design Review 
- Security Code Review 
- Security Testing 
- Security Tuning 
- Security Deployment Review 

These activities are designed to help meet security objectives in the software life cycle. 
Sesi ini including : 
Demo: Threat Modeling, Secure Code Review & Dynamic Analysis 

Short bio : 
Semi Yulianto 
BSc. (Accounting), M.IT (IT Security & Governance) 
Doctor in IT, Student at Graduate School of University of the East (Manila, Philippines)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND,
CEI, SSCP, CISSP, CSSLP, CISA, CISM, CySA+, CASP, OSSA, CASE Java.
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia). 

Information Security Interim Consultant / Subject Matter Expert (SME) at PT. Trinusa Travelindo (Traveloka). 

Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer 

More than 20 years working experience in the IT industry with experiences in the area of
Application and Software Development (Database and Management), Operating Systems,
Server Systems, Messaging and Collaboration, Inter-networking, Network Infrastructure,
Desktop Support and Application (Secure Programming & SDL) and Network Security. Has
trained IT Professionals from diverse organizations in Asia Pacific, Middle East and Africa
region namely Indonesia, Malaysia, Singapore, Thailand, Bhutan, Cambodia, Philippines, Saudi
Arabia/KSA, Tunisia, Morocco & South Korea. Proven track of records in delivering High
Quality IT training with very good to excellent feedback ratings (full clients’ satisfaction).
Deep knowledge and excellent skills on Vulnerability Assessment, Ethical Hacking,
Penetration Testing, IT Audit and Computer Forensics with combination of Technical and
Management expertise. Interested in Exploit Writing, Malware Analysis, Forensics on Moving
Data, and Cloud Computing Security. 
Mission: 'To create Awareness and Educate People in Information Systems Security' 

3. DevSecOps Automation: Speedup software delivery with security in mind by Denny 

Desc: 
Integrating SAST and DAST into SDLC (CI/CD) to quickly find potential security problem in both code and runtime, without sacrificing delivery time.
Focusing on the speed on deliveries and creating secure by default software,
 

Bio: 

Denny began his IT career as a software developer, have 5 years experience in developing application on various platform and it was a great advantage to jump into application security as a professional penetration tester for almost 5 years. Now working for Vantage Point Security as a Senior Application Security Consultant, focusing in Security Testing Integration into SDLC process. 

• Event Program: 
18.00 p.m - 18.30 p.m - Arrival Participant & Registration 
18:30 pm – 18:45 p.m - Speech by Nadira Bajrei from Bank Mandiri 
18.45p.m - 19.30 p.m - Speech including Q & A by Denny 
19.30 p.m - 20.30 p.m - Speech including Q & A by Yusuf Hadiwinata Sutandar 
20.30 p.m - 21.30 p.m - Speech including Q & A by Semi Yulianto 
21:30 p.m - 22.00 pm - photo together / networking Session 

OWASP Indonesia Online Session Talk 
Title: Strengthen and Scale security using DevSecOps([[Media:Devsecops-owasp-indonesia.pdf|PDF]]) 
Thursday, October 4, 2018 
1:00 PM to 2:00 PM 

Register : https://www.meetup.com/meetup-group-XxqLdaeY/events/255089357/ 
Speaker Bio 

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He is also the author of OWASP DevSecOps Studio, OWASP DevSlop and Awesome-Fuzzing projects. 

He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking/training in conferences like Blackhat, OWASP AppSec, DevSecCon, PyCon, NullCon, All Day DevOps, Null and OWASP chapters. 

'''OWASP JAKARTA NIGHT Q3 2018 '''
Sesi ini akan mendiskusikan tentang : 
'''
Web Application by Design with OWASP''' 

Pembicara 
1. First Step to Web Application ISO27001 vs PCIDSS VS OWASP TOP 10 by Elias (Head of System Development Faspay) ([[Media:OWASPNightFaspay.pdf|PDF]]) 
2. Building a tailored AppSec Program using OpenSAMM by Suman Sourav & Tuyen Do 

'''Abstract: Building a tailored AppSec Program using OpenSAMM''' 
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices 
• Building a balanced software security program in well-defined iterations 
• Demonstrating concrete improvements to a security assurance program 
• Defining and measuring security-related activities within an organization 
 
This session is focused on the practical implementation of an AppSec Program based on your organization needs and business risk appetite. Most of the AppSec program fails because of lack of programmatic approach and strategic rollout. Participants will learn about an importance of a Security Program Management, how it solves people, process and technologies challenges in implementing an AppSec program, driving results and metrics relevant to the different stakeholders. 

Speaker Bio:
 
Suman is a Certified Secure Software Lifecycle Professional (CSSLP) having more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds a unified approach to deal with the root cause of software security problems. Currently he is working with Vantage Point Security as a Regional Program Director for Vantage Point Security and helping clients in SEA region to implement application security program.
 
Tuyen is an experienced Security Programme Manager, highly strategic, analytical and performance driven professional with 7+ years of blended experience in managing strategic programs /initiatives within banking & financial, and information technology sectors. Dynamic, versatile, hands-on Program Leader who leads teams to design & implement successful projects/programs that align business objectives and deliver rapid results, within timelines, budgets, and as per specifications.
 

Catatan :
 
peserta tidak perlu membawa laptop acara ini free for everyone 

Acara ini akan diadakan pada: 27th September 2018 

From 18:00 pm - 22:00 pm 

[https://www.meetup.com/meetup-group-XxqLdaeY/events/254502146/?_xtd=gatlbWFpbF9jbGlja9oAJDM1ODIxOTk5LTZlNmYtNDA0Ny05ZDZlLThiYmYzNzQzNTgyZA&_af=event&_af_eid=254502146 REGISTER HERE]

venue : 
Faspay Working Space 
Jakarta Pusat 
'''OWASP Jakarta Night #2'''

When 
19:00 - 22:00 
Tue, Aug 7, 2018 

Where 
Venue: 
Marque at Cyber 2 Tower, 
Jl. H. R. Rasuna Said Blok X-5 Cyber 2 Tower 17th Floor, RT.7/RW.2, Kuningan Timur, Jakarta, Kota Jakarta Selatan, 12950, Indonesia 

[https://www.eventbrite.com/e/owasp-jakarta-night-2-tickets-48230657194 Registration in here] 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader , Ade Yoseman Putra 
19.15p.m - 19.30 p.m - Speech including Q & A OWASP Indonesia Co Chapter Leader by Suman Sourav 
19.30 p.m - 20.30 p.m - Speech including Q & A by David Holmes 
20.30 p.m - 21.30 p.m - Speech including Q & A by Harley Davidson Karel ([[Media:Owasp_Jakarta_Night_-2.pdf|PDF]]) 
21:30 p.m - 22.00 pm - photo together/networking session 

Topic:

'''Hybrid Cloud Security'''

Hybrid Cloud Security continues to be relevant topic. David Holmes ( Global Security Evangelist for F5 Networks) will detail F5’s experience assisting a Fortune 10 company overcome some of their security challenges in moving to a multi-cloud architecture. His presentation will also include a look at some new F5 technologies that secure and containerize application traffic.
 
Mr. Holmes is a 17-year veteran of F5 and has met with banking and finance, government, and private enterprise security teams all over the world so he usually has the measure of who is doing what and where. This is an excellent opportunity to pick his brain about architecture, industry trends, or any other security topic that is top of mind. 

More about David Holmes: 

Based in Asia Pacific, David Holmes is the Global Security Evangelist for F5 Networks. In this role, Holmes is spokesman, researcher and evangelist for F5’s threat intelligence division, with an emphasis on cryptography, distributed denial of service attacks, and the Internet of Things. He speaks at conferences such as RSA, InfoSec and Gartner Data Center.

Holmes authors white papers on security topics such as global cryptography trends and modern DDoS threat spectrum. He has also written for industry magazines such as the SCMagazine and Network World. These days,he writes regularly about vulnerabilities, technical solutions and the security industry for SecurityWeek.com and F5 Labs.

He joined F5 Networks in 2001, and, as a Principal Software Engineer, where he designed many of the system and core security features. Holmes has 20 years of experience in security and product engineering.

Prior to F5, Holmes was a Vice President of Engineering at Dvorak Development (in Boulder, CO) and a Senior Software Engineer (Security) at CyberSafe, Inc.

Holmes majored in Computer Science and Engineering Physics at the University of Colorado at Boulder. For public speaking, Holmes has a Competent Communicator award from Toastmasters International and other public speaking awards.
 

Many thanks to F5 for their sponsorship.
 

Harley Davidson Karel 

'''Topic : Static Analysis Security Testing (SAST) using open source
'''
 
Topic Extract : 

Find security issues on development stage using open source static analysis security testing (SAST), so that developer will be able to identify security issues on earlier stage of software development life cycle, rather than waiting for penetration testing stage. 

SAST demo will be conducted with command line interface usage, IDE integration, & Jenkins integration. The demo will scan and found security issues on several programming language such as Java, python, & ruby 

Bio: 

Harley Davidson Karel is working as Associate Application Security Consultant at Vantage Point Security Indonesia. He is EC-Council Certified and well trained in working in application security activities that help organisations to put security aspect in every stage of software development life cycle. He has been selected as a speaker for PyConMY 2018 Kuala Lumpur, PyConES 2018 Malaga Spain, GrillRB 2018 Wroclaw Poland.
 

 

'''OWASP Indonesia Q1 Meetup 2018'''

[[File:Owaspidq12018.jpeg|400px|center]]
==== Talks ====
 '''Reduce the Risk of a Data Breach with Open Source INTelligence (OSINT)''' 
by Ayodya (Security Engineer at Bukalapak) 
 '''Building Appsec Pipeline''' by Suman Sourav 
 '''OWASP Top 10 Mobile Application Vulnerability''' 
by Williams 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader 
19.15p.m - 20.00 p.m - Speech including Q & A by Suman Sourav 
20.00 p.m - 20.45 p.m - Speech including Q & A by Ayodya 
20.45 p.m - 21.30 p.m - Speech including Q & A by william 
==== Speakers ====

'''Ayodya'''

[[File:Ayodya.jpg|200px]] 
1. Security Engineer at Bukalapak 
2. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
3. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Williams'''

'''Suman Sourav'''
 Building Appsec Pipeline 

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE 

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. 

19:00 - 22:00 
Thursday, March 29, 2018 
Register :[closed] 
venue : 
[[File:Btpn.png|left]] 
Bank BTPN. Menara BTPN, 27 th floor - CBD Mega Kuningan Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950 

OWASP Jakarta Q4 2017 Meetup 
[[File:Owaspmeetupbtpn.jpg|400px|center]] 

19:00 - 22:00 
Tue, Nov 21, 2017 

BANK BTPN 
Menara BTPN - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950
 
OWASP Jakarta Q4 2017 Meetup 

Menara BTPN, 27 th floor - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 
Jakarta 12950 
Theme : Application Security in Owasp top 10 2017 
When : 
at Q1 21th november 2017 
From 19:00 pm - 22:00 pm 

[https://www.eventbrite.com/e/owasp-jakarta-q4-2017-meetup-tickets-39109060252 CLOSED] 
==== Talks ====

* '''Secure coding practices with golang''' ([[Media:Owasp-171123063052.pdf|PDF]]) by sulhaedir (IT Security Spesialis at Tokopedia) 
* '''OWASP Risk Rating Management Project'''([[Media:Riskratingmanagement-170615172835.pdf |PDF]]) by M febri 

==== Speakers ====

'''sulhaedir'''

[[File:Sulhaedir.jpg|200px]]

Sulhaedir have 6 years experience in information security. he work as security specialist at TOKOPEDIA. he also Security research in nemosecurity 
 
'''M.Febri''' 

[[File:Febri.jpg|200px]] 

he work as Security Consultant at Visionet. 

Thanks for sponsor this meetup 
{{MemberLinks|link=https://www.btpn.com/ |logo=Bank_btpn.jpg }}

 
'''Workshop OWASP at "Sofware Freedom Day 2017"''' 
[[File:Sofware freedom day 2017.jpg|200px]] 

 workshop with KSL UBL "improving Security Attack and Defense with OWASP" 

when : Sat, September 16, 08:00 – 15:00 pm 
Auditorium Universitas Budi Luhur, Jl. Ciledug Raya No.126, RT.1/RW.2, Petukangan Utara, Pesanggrahan, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12260, Indonesia 
'''OWASP Indonesia Day 2017'''
[[File:Owaspdayid1.jpeg|center]]
 when Developers, startups, hackers will meet..
just visit us @ OWASP Indonesia Day 2017 
Yogyakarta, 09 th september 2017 
 https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 

if you interested sponsor our events just contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] 

'''OWASP Jakarta Tech Day Meetup 2017'''
[[File:Owaspmeetup2.jpg|left|frameless]]
OWASP Jakarta succesfully host meetup on May 2017

with Theme: "How Secure Ecommerce"

Date: 14 May 2017 02 pm to 05 pm (GMT+7 Jakarta)

Venue: PTC Pulogadung Trade Centre Ballroom 2nd Floor

Jalan Raya Bekasi, RW.3, Rw. Terate, Cakung, Kota Jakarta Timur, DKI Jakarta 13920

Google Maps :

https://goo.gl/maps/gmZnSofLvEF2

==== Talks ====
* '''Turning Legal Website into DDoS Tool''' by Kalpin Erlangga (Indonesia Honeynet Project) ([[Media:IHP-OWASP-Kalpin-Presentation_-_Template-OWASP-Final.pdf|PDF]]) .
* '''The Art of phishing, and how to save yourself''' by Oliver Valentino (Security analyst [http://www.bukalapak.com BUKALAPAK]) ([[Media:OWASP_presentation_-Oliver_Valentino_-.pdf|PDF]]) 
* '''Trend Defacement On Indonesia E-Commerce Website''' by Achmad Syafaat (ID-SIRTII/CC) 
* '''Client Side Security And Testing Tools''' by David Cervigni ( [https://mindedsecurity.com/index.php/about-us/company Minded Security]) ([[Media:OWASP_presentation_jkt2017.pdf|PDF]])
* ''' Hacking as a Livestyle''' Matias Prasodjo(Dracos) ([[Media:Hacking_Live_Style_-_OWASP_Jakarta.pdf|PDF]]) 

==== Speakers ====
==== '''Kalpin Erlangga Silaen''' ====

[[File:Kelpin2.jpg]]

Kalpin Erlangga Silaen is a senior security consultant with experience more than 15 years in IT. He is a graduate of the Master of Computer in Faculty of Engineering and IT at Swiss German University. He was first winner as a team at Cyber Defense Competition, Ministry of Defense of Indonesia on 2013

(Jakarta) and 2014 (Surabaya). He has experience as security penetration tester for various industry such as telecommunication, banking, finance, and government for more than 7 years. His interests includes network and cloud security

'''Oliver Valentino'''

Oliver Valentino is a tech evangelist and security enthusiast. Currently work as a security analyst at [http://www.bukalapak.com bukalapak]. Got his bachelor degree from Universitas Advent Indonesia Bandung

'''David Cervigni'''

[[File:Dvd.jpg]]

David Cervigni is a Senior Security Consultant of the [https://mindedsecurity.com/index.php/about-us/company Minded Security] consultants team. He has a strong experience in collaborating closely with developer teams to securing SDLC and DevOps systems. His specialties include secure coding training, vulnerability assessment, manual and automated code review solutions, critical software design and compliance. His experience maturated mostly in the financial sector and in the biggest institutions across Swiss and UK markets. He holds a master's degree in computer science from the University of Camerino.

'''Achmad Syafaat'''

'''Matias Prasodjo'''

Matias Prasodjo is Vice Leader [https://dracos-linux.org/ DracOs Linux Team]. he is Subject Matter Expert Security and System at PT Lintas Teknologi Indonesia.

==Past Meetup==
OWASP Indonesia Meetup I 2017 on March 4 th, 2017 
See More [https://www.owasp.org/index.php/OWASP_Indonesia_Meetup_I_2017 OWASP Indonesia Meetup I 2017 on March 4 th, 2017]

=Bahasa=

OWASP Indonesia adalah sebuah salah satu cabang dari Yayasan OWASP di belahan dunia. Yayasan OWASP adalah terbuka dan organisasi non profit.Kami membuka kesempatan kepada orang indonesia untuk bergabung serta berkontribusi pada OWASP Indonesia (Jakarta) Chapter.

Apa Yang Bisa anda kontribusi kan pada Yayasan OWASP
===OWASP Indonesia Chapter===
1. Anda bisa menyediakan Tempat untuk Agenda kami 
2. Anda bisa menjadi Speaker & Trainer dalam setiap Event kami 
3. Anda bisa menjadi University Supporter Kami 
4. Anda bisa menjadi Donatur kami 
5. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) 

===OWASP Foundation===
1. Anda bisa menjadi Speaker & Trainer dalam setiap Event Yayasan OWASP di seluruh dunia 
2. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) pada Yayasan OWASP Global 

how to register OWASP membership, berikut saya sudah jelaskan step by stepnya di [http://www.owasp.or.id/2017/01/owasp-membership.html web owasp.or.id]

==Berita==

Kami mencari volunteer untuk penerjemahan OWASP 2013 Top Ten dari Bahasa Inggris ke dalam Bahasa. Saat Ini sedang dalam pengerjaan / On Progress.
Silahkan bergabung dengan tim kami [https://www.owasp.org/index.php/OWASP_Top_10_2013_-_Bahasa_Indonesia tim penerjamah OWASP 2013 Top 10-Bahasa]

=Our Chapter Leadership=

{| class="wikitable"
|-
! scope="col" style="width: 20%; font: bold;" |''' Chapter Leadership Board Member Role'''
! scope="col" |Responsibilities
! scope="col" |Person(s)
|-
|Chapter Leader / Chairman
|The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair.
|Ade Yoseman Putra

|-
|Sponsor Coordinator
|Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, and other events.
|Hilman Aditya

|-
|Speaker and Special Event Coordinator
|Seeks and schedules speakers for monthly Chapter meetings and other events.
|Dewo Nur Satrio
|-

|Conference/Event/Meetup Coordinator
|Coordinates all of the efforts for the annual OWASP Indonesia Day, OWASP Jakarta Night & all OWASP Jakarta Events.
|Eka Syahfitri
|-
|PR/Marketing Coordinator/Designer Grafis
|Provides marketing of OWASP Indonesia Day and other Chapter events.
|Muhamad Iqbal Dewanto

|-
|Equipment Committee
|Equipment Committee for OWASP Meetup
|Bima

|-
|Volunteer
|Volunteer Lists
|Achmad Syafaat, Gumux Hijack, Ali Kaharu

|-
|Finance
|The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals.
The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader.
|

|-
|Advisory Board Members
|Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success.
|

|}

<headertabs></headertabs>

Ade Yoseman Putra

2019-12-20T03:51:14Z

Yoseman:

=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/archive/2019/projects/5673600424607744/ Mentor of Google Summer of Code 2019]
=Quotes=
=Mentions=
[https://portswigger.net/daily-swig/early-warning-website-defacement-alert-utility-debuts-in-the-desert Early warning: Website defacement alert utility debuts in the desert]

 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

OWASP SecureTea Project

2019-11-23T15:18:45Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

== Maintenance notice ==

This site is no longer maintained: please go to https://www2.owasp.org/www-project-securetea/ for our new website!

==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker] 
Presentation ([[Media:OWASPSecuretea2017.pdf|Old PDF-2017]])

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of the project [https://github.com/OWASP/SecureTea-Project/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

Ade Yoseman Putra

2019-09-20T02:46:24Z

Yoseman:

=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/projects/#5433531277246464 Mentor of Google Summer of Code 2019]
=Quotes=
=Mentions=
[https://portswigger.net/daily-swig/early-warning-website-defacement-alert-utility-debuts-in-the-desert Early warning: Website defacement alert utility debuts in the desert]

 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Jakarta

2019-09-17T12:42:35Z

Yoseman:

[[image:OWASPidn1.jpg|center|500px]]
{{Chapter Template|chaptername=Jakarta|extra=The chapter leader is [mailto:ade.putra@owasp.org Ade Yoseman Putra]
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-jakarta|emailarchives=http://lists.owasp.org/pipermail/owasp-jakarta}}
[[Category:OWASP Chapter]]
[[Category:Indonesia]]
[[Category:Asia/Pacific/Middle East]]

Bhinneka Tunggal Ika 
united we stand divided we fall 
OWASP Indonesia 

OWASP Indonesia now officially has meetup in jakarta and yogyakarta. Yogyakarta is very special for owasp indonesia. We are non-profit organization. We are pleasure and welcome to all Indonesian to join us and share the knowledge, skill, idea and related to make OWASP Jakarta Project are benefit to everybody. OWASP Jakarta Project as well are the pioneer project for Web Security Application. Any private sector want to contribute and sponsor are welcome.
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 
 Please Donate Our Chapter 
[[Image:Btn_donate_SM.gif|120px|link=https://www.regonline.com/builder/site/Default.aspx?EventID=1044369]] 
=='''Stay in contact:'''==
<center>
{| cellspacing="15"
|-
| [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/meetup-group-XxqLdaeY]]
| [[Image:Follow-us-on-twitter.png|175px|link=http://twitter.com/OwaspJakarta]]
| [[Image:Wa2.jpeg|175px|link=https://chat.whatsapp.com/invite/KVpddPbKCTj4ErVwljbUYg]]
| [[Image:Fb.png|175px|link=http://www.facebook.com/owaspid]]
| [[Image:Web.jpg|175px|link=http://www.OWASP.or.id]]
| [[Image:Tele.jpg|175px|link=https://t.me/joinchat/KiPz5hOjsLPxWQ6bYVJusQ]]
|}
</center>
== '''Stay Updated''' ==

=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[ http://lists.owasp.org/mailman/listinfo/owasp-jakarta join our milis]

For all new members and existing member please free to contribute to OWASP Jakarta Chapter and if you are commitment to help OWASP Jakarta please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Jakarta please to contact [mailto:ade.putra@owasp.org OWASP Admin]. We still open Recruitment to join with us. if you interested feel free for contact me.
 We are welcome to join our conversation. If any query don't hesitate to contact [mailto:ade.putra@owasp.org OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

'''NOTE: OWASP now promote for who want to become Official Members for Jakarta Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://www.owasp.or.id/2017/01/owasp-membership.html REGISTER]) OWASP Memberships'''

__NOTOC__

=English=

==NEWS==

==Events==
<meetup group="meetup-group-XxqLdaeY"/>

=== 2019 ===
Mentor for Google Summer Of Code 2019 {https://summerofcode.withgoogle.com/projects/#5433531277246464}

==Past Security Events==

=== 2018 ===

6WASP Appsec Europe 2018 [https://appseceurope2018a.sched.com/ade.putra 2th-6th july 2018, UK] 

Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP TAIWAN SUMMIT 2018 ] Taipei, Taiwan 

Open Security Summit 2018 [https://open-security-summit.org/participant-remote/ade-yoseman/ @Remotely, Open Security Summit 2018 ] London, UK.

OWASP Sendai Chapter Meeting 2018, [https://owaspsendai.connpass.com/event/84885/ Sendai Japan] 27 th april 2018

Blackhat Asia Singapore 2018 Bussiness Hall [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 "TRENDS AND STRATEGIES FOR SECURING THE INTERNET OF THINGS"] 23 th March 2018

Blackhat Asia Singapore 2018 Arsenal [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 @Arsenal, Blackhat Asia Singapore 2018] 

=== 2017 ===

Codebali International Cyber Security Conference and Exhibitions 2017, [https://www.codebali.net/speaker FIRST-TC], 26-29 th September 2017

National Seminar of Research & Development Id-SIRTII/CC 2017, Hotel Grand Tjokro Bandung West Java Indonesia Theme : [http://riset.idsirtii.or.id/ Tren IOT & Mobile System] 27 July 2017

Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017 ] 11 - 13 July 2017

OWASP Summit 2017 London, England [Participants from OWASP Jakarta Chapter is [https://owaspsummit.org/Participants/remote/Ade-Yoseman-Putra.html Ade Yoseman],
[https://owaspsummit.org/Participants/remote/Petty-Meisari.html Petty Meisari] & 12-16 June 2017 

Blackhat Asia Singapore 2017 [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra @Arsenal, Blackhat Asia Singapore 2017] 30 - 31 March 2017 

=== 2016 ===
OWASP DAY KL 2016 Malaysia [https://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASPKL2016] 15 - 17 November 2016

==History==
On December 2016, [http://www.owasp.org/index.php/Ade_Yoseman_Putra Ade Yoseman reactive OWASP Indonesia]

==Project Volunteering==

OWASP Juice Shop UI v2.21.1 available in Indonesian language! 🇮🇩 (Preview: [[http://juice-shop-staging.herokuapp.com OWASP Juice Shop]]) download https://github.com/bkimminich/juice-shop/releases/tag/v2.21.1 

==Project On Progress==
Here the lists Project have been submit by OWASP JAKARTA Chapter Projects Members 
OWASP Jakarta Projects 

=== 2017 ===
[[OWASP_SecureTea_Project|OWASP SecureTea Project]] 

=== 2019 ===
[[Risk Assessment Framework|Risk Assessment Framework]] 

==Sponsoring==
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Indonesia. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] to talk about the following sponsoring possibilities.

Chapter Supporter 
Single Meeting Supporter 
Facility Sponsor 
Organization Supporters (allocating 40% of your annual donation to our Chapter) 

=='''Local Chapter Supporter'''==
'''
==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Indonesia chapter meetings: 

[[Image:mozid.jpg‎|200px||link=http://www.mozilla.or.id/ |alt=Mozzilla Indonesia]]
==Corporate Sponsors==

[[Image:Rumahweb.png‎|200px||link=https://www.rumahweb.com/ |alt=Rumah Web]]
[[Image:F5.png‎|200px||link=https://www.f5.com/ |alt=f5 Networks]]
[[Image:Bank_btpn.jpg‎|200px||link=https://www.btpn.com/ |alt=Bank BTPN]]
[[Image:FASPAY.png|200px||link=https://www.faspay.co.id/ |alt=Faspay PT. Media Indonusa]]
[[Image:Bankmandiri.png|200px||link=https://www.bankmandiri.co.id/ |alt=Bank Mandiri]]
[[Image:Logo-Bukalapak.png|200px||link=https://www.bukalapak.com/|alt=BUKALAPAK]]
[[Image:Logo-codemargonda (1).png|200px||link=https://www.codemargonda.com/|alt=Codemargonda]]
==Government Agency==

== Community ==
[[Image:Ncsd.PNG|200px||link=https://ncsd.or.id/|alt=National Cyber Security Defence ]]
[[Image:Bsidesid.png‎|200px||link=http://www.securitybsides.com/w/page/118994457/BSidesIndonesia/ |alt=BSidesIndonesia]]

=Meetup=
==Next Meetup==

We Are Currently seeking venue and sponsorship for owasp monthly meetup. if your company interested support us please email us : indonesia2018@owasp.org 
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 

'''OWASP Jakarta Night Q4 2018 @Bukalapak.com'''

When: 28th November 2018 

From 17:00 pm - 22:00 pm 

venue : 
Bukalapak Engineering Office, Jalan Ampera Raya, RT.5/RW.10, Ragunan, South Jakarta City, Jakarta Indonesia
 

Sesi ini akan mendiskusikan tentang : 
1. Keynote speech by Badan Siber Sandi Negara / BSSN (Tbc) 
2. Security Championing by Vandy Putrandika 
3. Novice to expert in Deep Learning and why it's necessary? by rohit parab 
4. An architectural approach for decentralized applications by Ayodya Dewangga S R 

'''Event Program:''' 
17:00pm -18:00 pm - Arrival Participant & Registration 
18.00p.m - 18.30p.m - Keynote speech - Badan Siber Sandi Negara / BSSN (Tbc) 
18:30 pm – 19:15 p.m - Speech by Vandy Putrandika 
19.15 p.m - 19.45 p.m - Speech including Q & A by Rohit Parab 
20.45 p.m - 21.45 p.m - Speech including Q & A by Ayodya 
21:45 p.m - 22.00 pm - Networking Session /Photo Together 

This Meetup provide free Snack & food 

Sponsored by Bukalapak.com 

'''Topic: Security Championing''' 
Abstract: 

Resource, visibility and advocacy are always the main problems for the information security team in any company. Time and head count will always be scarce for the mandated scope of work. For a security bug, we might have to check all corners, rather than someone telling it to us. And no one actually thinks that infosec guys are the hero, right? 

Security championing model tries to be the silver bullet for all those, especially in companies who want to incorporate DevSecOps. Yet, the implementation is not without obstacle. It may even introduce new problems along the way. 

End of the talk one would be able to understand 

1. What is security championing? 
2. Who should implement security champion model and when is the best time? 
3. Where we can find and evangelize these security champions?
 
Bio:
 
'''Vandy Putrandika''' 
Vandy is a security, governance and project management generalist who is passionate about digital strategy and transformation. Currently he works at Bukalapak as the Head of Information Security and managing the super-awesome security team inside while juggling with several security programs.
 

Topic : 
'''An architectural approach for decentralized applications'''

1. Understanding web 2.0 and web 3.0 
2. The pros and cons of web 3.0 
3. What are decentralized applications? 
4. What are the benefits of decentralized application? 
5. How to build a decentralized application? 
6. How to secure decentralized application? 

'''Ayodya Dewangga S R'''

1. E-Channel Product Development Risk Officer at PT Bank Mandiri (Persero) Tbk 
2. Chief Information Security Officer at PT Dekodr Solusi Digital Indonesia 
3. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
4. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Rohit Parab '''

'''Title - Novice to expert in Deep Learning and why it's necessary?
'''
Bio - Co-Founder & CEO at Praemineo, Inc (The Artificial Intelligence Company). Almost a decade of solid hands-on experience in full life-cycle software development. Built applications in as varied as Desktop, Web and now in AI. Experienced in building high performance teams for high output in quicktime. A UX person. Strongly believes that a complete code should not just work, but also be clean and maintainable. An Artificial Intelligence enthusiast. 

Abstract - In brief, I will be sharing how someone can 

1. Get started with Deep Learning. 
2. What are the basic requirements. 
3. Online free resources. 
4. How much of math is required. 
5. What is the current state of Deep Learning and its effects on future. 

==Past Meetup==

'''OWASP JAKARTA NIGHT Q4 2018 '''

When: 22th October 2018 

From 17:00 pm - 22:00 pm 

venue : 

Plaza Mandiri Auditorium lantai 3 
Jl jendral gatot subroto Kav. 36-38 Jakarta 12190, Indonesia 

This Meetup provide free drink & food 

Sponsored by Bank Mandiri 

'''Talk''' 
1. How to protecting critical infrastructure national (Study case: asian games 2018) by Yusuf Hadiwinata Sutandar 

2. Security Engineering by Semi Yulianto 

Abstract: 
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. 

Topics: 
- Security Objectives 
- Security Design Guidelines 
- Security Modeling 
- Security Architecture and Design Review 
- Security Code Review 
- Security Testing 
- Security Tuning 
- Security Deployment Review 

These activities are designed to help meet security objectives in the software life cycle. 
Sesi ini including : 
Demo: Threat Modeling, Secure Code Review & Dynamic Analysis 

Short bio : 
Semi Yulianto 
BSc. (Accounting), M.IT (IT Security & Governance) 
Doctor in IT, Student at Graduate School of University of the East (Manila, Philippines)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND,
CEI, SSCP, CISSP, CSSLP, CISA, CISM, CySA+, CASP, OSSA, CASE Java.
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia). 

Information Security Interim Consultant / Subject Matter Expert (SME) at PT. Trinusa Travelindo (Traveloka). 

Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer 

More than 20 years working experience in the IT industry with experiences in the area of
Application and Software Development (Database and Management), Operating Systems,
Server Systems, Messaging and Collaboration, Inter-networking, Network Infrastructure,
Desktop Support and Application (Secure Programming & SDL) and Network Security. Has
trained IT Professionals from diverse organizations in Asia Pacific, Middle East and Africa
region namely Indonesia, Malaysia, Singapore, Thailand, Bhutan, Cambodia, Philippines, Saudi
Arabia/KSA, Tunisia, Morocco & South Korea. Proven track of records in delivering High
Quality IT training with very good to excellent feedback ratings (full clients’ satisfaction).
Deep knowledge and excellent skills on Vulnerability Assessment, Ethical Hacking,
Penetration Testing, IT Audit and Computer Forensics with combination of Technical and
Management expertise. Interested in Exploit Writing, Malware Analysis, Forensics on Moving
Data, and Cloud Computing Security. 
Mission: 'To create Awareness and Educate People in Information Systems Security' 

3. DevSecOps Automation: Speedup software delivery with security in mind by Denny 

Desc: 
Integrating SAST and DAST into SDLC (CI/CD) to quickly find potential security problem in both code and runtime, without sacrificing delivery time.
Focusing on the speed on deliveries and creating secure by default software,
 

Bio: 

Denny began his IT career as a software developer, have 5 years experience in developing application on various platform and it was a great advantage to jump into application security as a professional penetration tester for almost 5 years. Now working for Vantage Point Security as a Senior Application Security Consultant, focusing in Security Testing Integration into SDLC process. 

• Event Program: 
18.00 p.m - 18.30 p.m - Arrival Participant & Registration 
18:30 pm – 18:45 p.m - Speech by Nadira Bajrei from Bank Mandiri 
18.45p.m - 19.30 p.m - Speech including Q & A by Denny 
19.30 p.m - 20.30 p.m - Speech including Q & A by Yusuf Hadiwinata Sutandar 
20.30 p.m - 21.30 p.m - Speech including Q & A by Semi Yulianto 
21:30 p.m - 22.00 pm - photo together / networking Session 

OWASP Indonesia Online Session Talk 
Title: Strengthen and Scale security using DevSecOps([[Media:Devsecops-owasp-indonesia.pdf|PDF]]) 
Thursday, October 4, 2018 
1:00 PM to 2:00 PM 

Register : https://www.meetup.com/meetup-group-XxqLdaeY/events/255089357/ 
Speaker Bio 

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He is also the author of OWASP DevSecOps Studio, OWASP DevSlop and Awesome-Fuzzing projects. 

He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking/training in conferences like Blackhat, OWASP AppSec, DevSecCon, PyCon, NullCon, All Day DevOps, Null and OWASP chapters. 

'''OWASP JAKARTA NIGHT Q3 2018 '''
Sesi ini akan mendiskusikan tentang : 
'''
Web Application by Design with OWASP''' 

Pembicara 
1. First Step to Web Application ISO27001 vs PCIDSS VS OWASP TOP 10 by Elias (Head of System Development Faspay) ([[Media:OWASPNightFaspay.pdf|PDF]]) 
2. Building a tailored AppSec Program using OpenSAMM by Suman Sourav & Tuyen Do 

'''Abstract: Building a tailored AppSec Program using OpenSAMM''' 
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices 
• Building a balanced software security program in well-defined iterations 
• Demonstrating concrete improvements to a security assurance program 
• Defining and measuring security-related activities within an organization 
 
This session is focused on the practical implementation of an AppSec Program based on your organization needs and business risk appetite. Most of the AppSec program fails because of lack of programmatic approach and strategic rollout. Participants will learn about an importance of a Security Program Management, how it solves people, process and technologies challenges in implementing an AppSec program, driving results and metrics relevant to the different stakeholders. 

Speaker Bio:
 
Suman is a Certified Secure Software Lifecycle Professional (CSSLP) having more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds a unified approach to deal with the root cause of software security problems. Currently he is working with Vantage Point Security as a Regional Program Director for Vantage Point Security and helping clients in SEA region to implement application security program.
 
Tuyen is an experienced Security Programme Manager, highly strategic, analytical and performance driven professional with 7+ years of blended experience in managing strategic programs /initiatives within banking & financial, and information technology sectors. Dynamic, versatile, hands-on Program Leader who leads teams to design & implement successful projects/programs that align business objectives and deliver rapid results, within timelines, budgets, and as per specifications.
 

Catatan :
 
peserta tidak perlu membawa laptop acara ini free for everyone 

Acara ini akan diadakan pada: 27th September 2018 

From 18:00 pm - 22:00 pm 

[https://www.meetup.com/meetup-group-XxqLdaeY/events/254502146/?_xtd=gatlbWFpbF9jbGlja9oAJDM1ODIxOTk5LTZlNmYtNDA0Ny05ZDZlLThiYmYzNzQzNTgyZA&_af=event&_af_eid=254502146 REGISTER HERE]

venue : 
Faspay Working Space 
Jakarta Pusat 
'''OWASP Jakarta Night #2'''

When 
19:00 - 22:00 
Tue, Aug 7, 2018 

Where 
Venue: 
Marque at Cyber 2 Tower, 
Jl. H. R. Rasuna Said Blok X-5 Cyber 2 Tower 17th Floor, RT.7/RW.2, Kuningan Timur, Jakarta, Kota Jakarta Selatan, 12950, Indonesia 

[https://www.eventbrite.com/e/owasp-jakarta-night-2-tickets-48230657194 Registration in here] 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader , Ade Yoseman Putra 
19.15p.m - 19.30 p.m - Speech including Q & A OWASP Indonesia Co Chapter Leader by Suman Sourav 
19.30 p.m - 20.30 p.m - Speech including Q & A by David Holmes 
20.30 p.m - 21.30 p.m - Speech including Q & A by Harley Davidson Karel ([[Media:Owasp_Jakarta_Night_-2.pdf|PDF]]) 
21:30 p.m - 22.00 pm - photo together/networking session 

Topic:

'''Hybrid Cloud Security'''

Hybrid Cloud Security continues to be relevant topic. David Holmes ( Global Security Evangelist for F5 Networks) will detail F5’s experience assisting a Fortune 10 company overcome some of their security challenges in moving to a multi-cloud architecture. His presentation will also include a look at some new F5 technologies that secure and containerize application traffic.
 
Mr. Holmes is a 17-year veteran of F5 and has met with banking and finance, government, and private enterprise security teams all over the world so he usually has the measure of who is doing what and where. This is an excellent opportunity to pick his brain about architecture, industry trends, or any other security topic that is top of mind. 

More about David Holmes: 

Based in Asia Pacific, David Holmes is the Global Security Evangelist for F5 Networks. In this role, Holmes is spokesman, researcher and evangelist for F5’s threat intelligence division, with an emphasis on cryptography, distributed denial of service attacks, and the Internet of Things. He speaks at conferences such as RSA, InfoSec and Gartner Data Center.

Holmes authors white papers on security topics such as global cryptography trends and modern DDoS threat spectrum. He has also written for industry magazines such as the SCMagazine and Network World. These days,he writes regularly about vulnerabilities, technical solutions and the security industry for SecurityWeek.com and F5 Labs.

He joined F5 Networks in 2001, and, as a Principal Software Engineer, where he designed many of the system and core security features. Holmes has 20 years of experience in security and product engineering.

Prior to F5, Holmes was a Vice President of Engineering at Dvorak Development (in Boulder, CO) and a Senior Software Engineer (Security) at CyberSafe, Inc.

Holmes majored in Computer Science and Engineering Physics at the University of Colorado at Boulder. For public speaking, Holmes has a Competent Communicator award from Toastmasters International and other public speaking awards.
 

Many thanks to F5 for their sponsorship.
 

Harley Davidson Karel 

'''Topic : Static Analysis Security Testing (SAST) using open source
'''
 
Topic Extract : 

Find security issues on development stage using open source static analysis security testing (SAST), so that developer will be able to identify security issues on earlier stage of software development life cycle, rather than waiting for penetration testing stage. 

SAST demo will be conducted with command line interface usage, IDE integration, & Jenkins integration. The demo will scan and found security issues on several programming language such as Java, python, & ruby 

Bio: 

Harley Davidson Karel is working as Associate Application Security Consultant at Vantage Point Security Indonesia. He is EC-Council Certified and well trained in working in application security activities that help organisations to put security aspect in every stage of software development life cycle. He has been selected as a speaker for PyConMY 2018 Kuala Lumpur, PyConES 2018 Malaga Spain, GrillRB 2018 Wroclaw Poland.
 

 

'''OWASP Indonesia Q1 Meetup 2018'''

[[File:Owaspidq12018.jpeg|400px|center]]
==== Talks ====
 '''Reduce the Risk of a Data Breach with Open Source INTelligence (OSINT)''' 
by Ayodya (Security Engineer at Bukalapak) 
 '''Building Appsec Pipeline''' by Suman Sourav 
 '''OWASP Top 10 Mobile Application Vulnerability''' 
by Williams 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader 
19.15p.m - 20.00 p.m - Speech including Q & A by Suman Sourav 
20.00 p.m - 20.45 p.m - Speech including Q & A by Ayodya 
20.45 p.m - 21.30 p.m - Speech including Q & A by william 
==== Speakers ====

'''Ayodya'''

[[File:Ayodya.jpg|200px]] 
1. Security Engineer at Bukalapak 
2. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
3. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Williams'''

'''Suman Sourav'''
 Building Appsec Pipeline 

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE 

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. 

19:00 - 22:00 
Thursday, March 29, 2018 
Register :[closed] 
venue : 
[[File:Btpn.png|left]] 
Bank BTPN. Menara BTPN, 27 th floor - CBD Mega Kuningan Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950 

OWASP Jakarta Q4 2017 Meetup 
[[File:Owaspmeetupbtpn.jpg|400px|center]] 

19:00 - 22:00 
Tue, Nov 21, 2017 

BANK BTPN 
Menara BTPN - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950
 
OWASP Jakarta Q4 2017 Meetup 

Menara BTPN, 27 th floor - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 
Jakarta 12950 
Theme : Application Security in Owasp top 10 2017 
When : 
at Q1 21th november 2017 
From 19:00 pm - 22:00 pm 

[https://www.eventbrite.com/e/owasp-jakarta-q4-2017-meetup-tickets-39109060252 CLOSED] 
==== Talks ====

* '''Secure coding practices with golang''' ([[Media:Owasp-171123063052.pdf|PDF]]) by sulhaedir (IT Security Spesialis at Tokopedia) 
* '''OWASP Risk Rating Management Project'''([[Media:Riskratingmanagement-170615172835.pdf |PDF]]) by M febri 

==== Speakers ====

'''sulhaedir'''

[[File:Sulhaedir.jpg|200px]]

Sulhaedir have 6 years experience in information security. he work as security specialist at TOKOPEDIA. he also Security research in nemosecurity 
 
'''M.Febri''' 

[[File:Febri.jpg|200px]] 

he work as Security Consultant at Visionet. 

Thanks for sponsor this meetup 
{{MemberLinks|link=https://www.btpn.com/ |logo=Bank_btpn.jpg }}

 
'''Workshop OWASP at "Sofware Freedom Day 2017"''' 
[[File:Sofware freedom day 2017.jpg|200px]] 

 workshop with KSL UBL "improving Security Attack and Defense with OWASP" 

when : Sat, September 16, 08:00 – 15:00 pm 
Auditorium Universitas Budi Luhur, Jl. Ciledug Raya No.126, RT.1/RW.2, Petukangan Utara, Pesanggrahan, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12260, Indonesia 
'''OWASP Indonesia Day 2017'''
[[File:Owaspdayid1.jpeg|center]]
 when Developers, startups, hackers will meet..
just visit us @ OWASP Indonesia Day 2017 
Yogyakarta, 09 th september 2017 
 https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 

if you interested sponsor our events just contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] 

'''OWASP Jakarta Tech Day Meetup 2017'''
[[File:Owaspmeetup2.jpg|left|frameless]]
OWASP Jakarta succesfully host meetup on May 2017

with Theme: "How Secure Ecommerce"

Date: 14 May 2017 02 pm to 05 pm (GMT+7 Jakarta)

Venue: PTC Pulogadung Trade Centre Ballroom 2nd Floor

Jalan Raya Bekasi, RW.3, Rw. Terate, Cakung, Kota Jakarta Timur, DKI Jakarta 13920

Google Maps :

https://goo.gl/maps/gmZnSofLvEF2

==== Talks ====
* '''Turning Legal Website into DDoS Tool''' by Kalpin Erlangga (Indonesia Honeynet Project) ([[Media:IHP-OWASP-Kalpin-Presentation_-_Template-OWASP-Final.pdf|PDF]]) .
* '''The Art of phishing, and how to save yourself''' by Oliver Valentino (Security analyst [http://www.bukalapak.com BUKALAPAK]) ([[Media:OWASP_presentation_-Oliver_Valentino_-.pdf|PDF]]) 
* '''Trend Defacement On Indonesia E-Commerce Website''' by Achmad Syafaat (ID-SIRTII/CC) 
* '''Client Side Security And Testing Tools''' by David Cervigni ( [https://mindedsecurity.com/index.php/about-us/company Minded Security]) ([[Media:OWASP_presentation_jkt2017.pdf|PDF]])
* ''' Hacking as a Livestyle''' Matias Prasodjo(Dracos) ([[Media:Hacking_Live_Style_-_OWASP_Jakarta.pdf|PDF]]) 

==== Speakers ====
==== '''Kalpin Erlangga Silaen''' ====

[[File:Kelpin2.jpg]]

Kalpin Erlangga Silaen is a senior security consultant with experience more than 15 years in IT. He is a graduate of the Master of Computer in Faculty of Engineering and IT at Swiss German University. He was first winner as a team at Cyber Defense Competition, Ministry of Defense of Indonesia on 2013

(Jakarta) and 2014 (Surabaya). He has experience as security penetration tester for various industry such as telecommunication, banking, finance, and government for more than 7 years. His interests includes network and cloud security

'''Oliver Valentino'''

Oliver Valentino is a tech evangelist and security enthusiast. Currently work as a security analyst at [http://www.bukalapak.com bukalapak]. Got his bachelor degree from Universitas Advent Indonesia Bandung

'''David Cervigni'''

[[File:Dvd.jpg]]

David Cervigni is a Senior Security Consultant of the [https://mindedsecurity.com/index.php/about-us/company Minded Security] consultants team. He has a strong experience in collaborating closely with developer teams to securing SDLC and DevOps systems. His specialties include secure coding training, vulnerability assessment, manual and automated code review solutions, critical software design and compliance. His experience maturated mostly in the financial sector and in the biggest institutions across Swiss and UK markets. He holds a master's degree in computer science from the University of Camerino.

'''Achmad Syafaat'''

'''Matias Prasodjo'''

Matias Prasodjo is Vice Leader [https://dracos-linux.org/ DracOs Linux Team]. he is Subject Matter Expert Security and System at PT Lintas Teknologi Indonesia.

==Past Meetup==
OWASP Indonesia Meetup I 2017 on March 4 th, 2017 
See More [https://www.owasp.org/index.php/OWASP_Indonesia_Meetup_I_2017 OWASP Indonesia Meetup I 2017 on March 4 th, 2017]

=Bahasa=

OWASP Indonesia adalah sebuah salah satu cabang dari Yayasan OWASP di belahan dunia. Yayasan OWASP adalah terbuka dan organisasi non profit.Kami membuka kesempatan kepada orang indonesia untuk bergabung serta berkontribusi pada OWASP Indonesia (Jakarta) Chapter.

Apa Yang Bisa anda kontribusi kan pada Yayasan OWASP
===OWASP Indonesia Chapter===
1. Anda bisa menyediakan Tempat untuk Agenda kami 
2. Anda bisa menjadi Speaker & Trainer dalam setiap Event kami 
3. Anda bisa menjadi University Supporter Kami 
4. Anda bisa menjadi Donatur kami 
5. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) 

===OWASP Foundation===
1. Anda bisa menjadi Speaker & Trainer dalam setiap Event Yayasan OWASP di seluruh dunia 
2. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) pada Yayasan OWASP Global 

how to register OWASP membership, berikut saya sudah jelaskan step by stepnya di [http://www.owasp.or.id/2017/01/owasp-membership.html web owasp.or.id]

==Berita==

Kami mencari volunteer untuk penerjemahan OWASP 2013 Top Ten dari Bahasa Inggris ke dalam Bahasa. Saat Ini sedang dalam pengerjaan / On Progress.
Silahkan bergabung dengan tim kami [https://www.owasp.org/index.php/OWASP_Top_10_2013_-_Bahasa_Indonesia tim penerjamah OWASP 2013 Top 10-Bahasa]

=Our Chapter Leadership=

{| class="wikitable"
|-
! scope="col" style="width: 20%; font: bold;" |''' Chapter Leadership Board Member Role'''
! scope="col" |Responsibilities
! scope="col" |Person(s)
|-
|Chapter Leader / Chairman
|The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair.
|Ade Yoseman Putra

|-
|Sponsor Coordinator
|Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, and other events.
|Hilman Aditya

|-
|Speaker and Special Event Coordinator
|Seeks and schedules speakers for monthly Chapter meetings and other events.
|Dewo Nur Satrio
|-

|Conference/Event/Meetup Coordinator
|Coordinates all of the efforts for the annual OWASP Indonesia Day, OWASP Jakarta Night & all OWASP Jakarta Events.
|Eka Syahfitri
|-
|PR/Marketing Coordinator/Designer Grafis
|Provides marketing of OWASP Indonesia Day and other Chapter events.
|Muhamad Iqbal Dewanto

|-
|Equipment Committee
|Equipment Committee for OWASP Meetup
|Bima

|-
|Volunteer
|Volunteer Lists
|Achmad Syafaat, Gumux Hijack, Ali Kaharu

|-
|Finance
|The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals.
The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader.
|

|-
|Advisory Board Members
|Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success.
|

|}

<headertabs></headertabs>

Ade Yoseman Putra

2019-09-06T19:04:19Z

Yoseman: /* Mention */

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/projects/#5433531277246464 Mentor of Google Summer of Code 2019]
=Quotes=
=Mentions=
[https://portswigger.net/daily-swig/early-warning-website-defacement-alert-utility-debuts-in-the-desert Early warning: Website defacement alert utility debuts in the desert]

 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Ade Yoseman Putra

2019-09-06T19:03:51Z

Yoseman:

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/projects/#5433531277246464 Mentor of Google Summer of Code 2019]
=Quotes=
=Mention=
[https://portswigger.net/daily-swig/early-warning-website-defacement-alert-utility-debuts-in-the-desert Early warning: Website defacement alert utility debuts in the desert]

 
=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Jakarta

2019-08-24T10:29:08Z

Yoseman:

[[image:OWASPidn1.jpg|center|500px]]

{{Chapter Template|chaptername=Jakarta|extra=The chapter leader is [mailto:ade.putra@owasp.org Ade Yoseman Putra] 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-jakarta|emailarchives=http://lists.owasp.org/pipermail/owasp-jakarta}}

[[Category:OWASP Chapter]]
[[Category:Indonesia]]
[[Category:Asia/Pacific/Middle East]]

Bhinneka Tunggal Ika 
united we stand divided we fall 
OWASP Indonesia 

OWASP Indonesia now officially has meetup in jakarta and yogyakarta. Yogyakarta is very special for owasp indonesia. We are non-profit organization. We are pleasure and welcome to all Indonesian to join us and share the knowledge, skill, idea and related to make OWASP Jakarta Project are benefit to everybody. OWASP Jakarta Project as well are the pioneer project for Web Security Application. Any private sector want to contribute and sponsor are welcome.
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 
 Please Donate Our Chapter 
[[Image:Btn_donate_SM.gif|120px|link=https://www.regonline.com/builder/site/Default.aspx?EventID=1044369]] 
=='''Stay in contact:'''==
<center>
{| cellspacing="15"
|-
| [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/meetup-group-XxqLdaeY]]
| [[Image:Follow-us-on-twitter.png|175px|link=http://twitter.com/OwaspJakarta]]
| [[Image:Wa2.jpeg|175px|link=https://chat.whatsapp.com/invite/KVpddPbKCTj4ErVwljbUYg]]
| [[Image:Fb.png|175px|link=http://www.facebook.com/owaspid]]
| [[Image:Web.jpg|175px|link=http://www.OWASP.or.id]]
| [[Image:Tele.jpg|175px|link=https://t.me/joinchat/KiPz5hOjsLPxWQ6bYVJusQ]]
|}
</center>
== '''Stay Updated''' ==

=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[ http://lists.owasp.org/mailman/listinfo/owasp-jakarta join our milis]

For all new members and existing member please free to contribute to OWASP Jakarta Chapter and if you are commitment to help OWASP Jakarta please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Jakarta please to contact [mailto:ade.putra@owasp.org OWASP Admin]. We still open Recruitment to join with us. if you interested feel free for contact me.
 We are welcome to join our conversation. If any query don't hesitate to contact [mailto:ade.putra@owasp.org OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

'''NOTE: OWASP now promote for who want to become Official Members for Jakarta Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://www.owasp.or.id/2017/01/owasp-membership.html REGISTER]) OWASP Memberships'''

__NOTOC__

=English=

==NEWS==

==Events==
<meetup group="meetup-group-XxqLdaeY"/>

=== 2019 ===
Mentor for Google Summer Of Code 2019 {https://summerofcode.withgoogle.com/projects/#5433531277246464}

==Past Security Events==

=== 2018 ===

6WASP Appsec Europe 2018 [https://appseceurope2018a.sched.com/ade.putra 2th-6th july 2018, UK] 

Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP TAIWAN SUMMIT 2018 ] Taipei, Taiwan 

Open Security Summit 2018 [https://open-security-summit.org/participant-remote/ade-yoseman/ @Remotely, Open Security Summit 2018 ] London, UK.

OWASP Sendai Chapter Meeting 2018, [https://owaspsendai.connpass.com/event/84885/ Sendai Japan] 27 th april 2018

Blackhat Asia Singapore 2018 Bussiness Hall [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 "TRENDS AND STRATEGIES FOR SECURING THE INTERNET OF THINGS"] 23 th March 2018

Blackhat Asia Singapore 2018 Arsenal [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 @Arsenal, Blackhat Asia Singapore 2018] 

=== 2017 ===

Codebali International Cyber Security Conference and Exhibitions 2017, [https://www.codebali.net/speaker FIRST-TC], 26-29 th September 2017

National Seminar of Research & Development Id-SIRTII/CC 2017, Hotel Grand Tjokro Bandung West Java Indonesia Theme : [http://riset.idsirtii.or.id/ Tren IOT & Mobile System] 27 July 2017

Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017 ] 11 - 13 July 2017

OWASP Summit 2017 London, England [Participants from OWASP Jakarta Chapter is [https://owaspsummit.org/Participants/remote/Ade-Yoseman-Putra.html Ade Yoseman],
[https://owaspsummit.org/Participants/remote/Petty-Meisari.html Petty Meisari] & 12-16 June 2017 

Blackhat Asia Singapore 2017 [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra @Arsenal, Blackhat Asia Singapore 2017] 30 - 31 March 2017 

=== 2016 ===
OWASP DAY KL 2016 Malaysia [https://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASPKL2016] 15 - 17 November 2016

==History==
On December 2016, [http://www.owasp.org/index.php/Ade_Yoseman_Putra Ade Yoseman reactive OWASP Indonesia]

==Project Volunteering==

OWASP Juice Shop UI v2.21.1 available in Indonesian language! 🇮🇩 (Preview: [[http://juice-shop-staging.herokuapp.com OWASP Juice Shop]]) download https://github.com/bkimminich/juice-shop/releases/tag/v2.21.1 

==Project On Progress==
Here the lists Project have been submit by OWASP JAKARTA Chapter Projects Members 
OWASP Jakarta Projects 

=== 2017 ===
[[OWASP_SecureTea_Project|OWASP SecureTea Project]] 

=== 2019 ===
[[Risk Assessment Framework|Risk Assessment Framework]] 

==Sponsoring==
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Indonesia. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] to talk about the following sponsoring possibilities.

Chapter Supporter 
Single Meeting Supporter 
Facility Sponsor 
Organization Supporters (allocating 40% of your annual donation to our Chapter) 

=='''Local Chapter Supporter'''==
'''
==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Indonesia chapter meetings: 

[[Image:mozid.jpg‎|200px||link=http://www.mozilla.or.id/ |alt=Mozzilla Indonesia]]
==Corporate Sponsors==

[[Image:Rumahweb.png‎|200px||link=https://www.rumahweb.com/ |alt=Rumah Web]]
[[Image:F5.png‎|200px||link=https://www.f5.com/ |alt=f5 Networks]]
[[Image:Bank_btpn.jpg‎|200px||link=https://www.btpn.com/ |alt=Bank BTPN]]
[[Image:FASPAY.png|200px||link=https://www.faspay.co.id/ |alt=Faspay PT. Media Indonusa]]
[[Image:Bankmandiri.png|200px||link=https://www.bankmandiri.co.id/ |alt=Bank Mandiri]]
[[Image:Logo-Bukalapak.png|200px||link=https://www.bukalapak.com/|alt=BUKALAPAK]]
[[Image:Logo-codemargonda (1).png|200px||link=https://www.codemargonda.com/|alt=Codemargonda]]
==Government Agency==

== Community ==
[[Image:Ncsd.PNG|200px||link=https://ncsd.or.id/|alt=National Cyber Security Defence ]]
[[Image:Bsidesid.png‎|200px||link=http://www.securitybsides.com/w/page/118994457/BSidesIndonesia/ |alt=BSidesIndonesia]]

=Meetup=
==Next Meetup==

We Are Currently seeking venue and sponsorship for owasp monthly meetup. if your company interested support us please email us : indonesia2018@owasp.org 
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 

'''OWASP Jakarta Night Q4 2018 @Bukalapak.com'''

When: 28th November 2018 

From 17:00 pm - 22:00 pm 

venue : 
Bukalapak Engineering Office, Jalan Ampera Raya, RT.5/RW.10, Ragunan, South Jakarta City, Jakarta Indonesia
 

Sesi ini akan mendiskusikan tentang : 
1. Keynote speech by Badan Siber Sandi Negara / BSSN (Tbc) 
2. Security Championing by Vandy Putrandika 
3. Novice to expert in Deep Learning and why it's necessary? by rohit parab 
4. An architectural approach for decentralized applications by Ayodya Dewangga S R 

'''Event Program:''' 
17:00pm -18:00 pm - Arrival Participant & Registration 
18.00p.m - 18.30p.m - Keynote speech - Badan Siber Sandi Negara / BSSN (Tbc) 
18:30 pm – 19:15 p.m - Speech by Vandy Putrandika 
19.15 p.m - 19.45 p.m - Speech including Q & A by Rohit Parab 
20.45 p.m - 21.45 p.m - Speech including Q & A by Ayodya 
21:45 p.m - 22.00 pm - Networking Session /Photo Together 

This Meetup provide free Snack & food 

Sponsored by Bukalapak.com 

'''Topic: Security Championing''' 
Abstract: 

Resource, visibility and advocacy are always the main problems for the information security team in any company. Time and head count will always be scarce for the mandated scope of work. For a security bug, we might have to check all corners, rather than someone telling it to us. And no one actually thinks that infosec guys are the hero, right? 

Security championing model tries to be the silver bullet for all those, especially in companies who want to incorporate DevSecOps. Yet, the implementation is not without obstacle. It may even introduce new problems along the way. 

End of the talk one would be able to understand 

1. What is security championing? 
2. Who should implement security champion model and when is the best time? 
3. Where we can find and evangelize these security champions?
 
Bio:
 
'''Vandy Putrandika''' 
Vandy is a security, governance and project management generalist who is passionate about digital strategy and transformation. Currently he works at Bukalapak as the Head of Information Security and managing the super-awesome security team inside while juggling with several security programs.
 

Topic : 
'''An architectural approach for decentralized applications'''

1. Understanding web 2.0 and web 3.0 
2. The pros and cons of web 3.0 
3. What are decentralized applications? 
4. What are the benefits of decentralized application? 
5. How to build a decentralized application? 
6. How to secure decentralized application? 

'''Ayodya Dewangga S R'''

1. E-Channel Product Development Risk Officer at PT Bank Mandiri (Persero) Tbk 
2. Chief Information Security Officer at PT Dekodr Solusi Digital Indonesia 
3. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
4. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Rohit Parab '''

'''Title - Novice to expert in Deep Learning and why it's necessary?
'''
Bio - Co-Founder & CEO at Praemineo, Inc (The Artificial Intelligence Company). Almost a decade of solid hands-on experience in full life-cycle software development. Built applications in as varied as Desktop, Web and now in AI. Experienced in building high performance teams for high output in quicktime. A UX person. Strongly believes that a complete code should not just work, but also be clean and maintainable. An Artificial Intelligence enthusiast. 

Abstract - In brief, I will be sharing how someone can 

1. Get started with Deep Learning. 
2. What are the basic requirements. 
3. Online free resources. 
4. How much of math is required. 
5. What is the current state of Deep Learning and its effects on future. 

==Past Meetup==

'''OWASP JAKARTA NIGHT Q4 2018 '''

When: 22th October 2018 

From 17:00 pm - 22:00 pm 

venue : 

Plaza Mandiri Auditorium lantai 3 
Jl jendral gatot subroto Kav. 36-38 Jakarta 12190, Indonesia 

This Meetup provide free drink & food 

Sponsored by Bank Mandiri 

'''Talk''' 
1. How to protecting critical infrastructure national (Study case: asian games 2018) by Yusuf Hadiwinata Sutandar 

2. Security Engineering by Semi Yulianto 

Abstract: 
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. 

Topics: 
- Security Objectives 
- Security Design Guidelines 
- Security Modeling 
- Security Architecture and Design Review 
- Security Code Review 
- Security Testing 
- Security Tuning 
- Security Deployment Review 

These activities are designed to help meet security objectives in the software life cycle. 
Sesi ini including : 
Demo: Threat Modeling, Secure Code Review & Dynamic Analysis 

Short bio : 
Semi Yulianto 
BSc. (Accounting), M.IT (IT Security & Governance) 
Doctor in IT, Student at Graduate School of University of the East (Manila, Philippines)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND,
CEI, SSCP, CISSP, CSSLP, CISA, CISM, CySA+, CASP, OSSA, CASE Java.
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia). 

Information Security Interim Consultant / Subject Matter Expert (SME) at PT. Trinusa Travelindo (Traveloka). 

Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer 

More than 20 years working experience in the IT industry with experiences in the area of
Application and Software Development (Database and Management), Operating Systems,
Server Systems, Messaging and Collaboration, Inter-networking, Network Infrastructure,
Desktop Support and Application (Secure Programming & SDL) and Network Security. Has
trained IT Professionals from diverse organizations in Asia Pacific, Middle East and Africa
region namely Indonesia, Malaysia, Singapore, Thailand, Bhutan, Cambodia, Philippines, Saudi
Arabia/KSA, Tunisia, Morocco & South Korea. Proven track of records in delivering High
Quality IT training with very good to excellent feedback ratings (full clients’ satisfaction).
Deep knowledge and excellent skills on Vulnerability Assessment, Ethical Hacking,
Penetration Testing, IT Audit and Computer Forensics with combination of Technical and
Management expertise. Interested in Exploit Writing, Malware Analysis, Forensics on Moving
Data, and Cloud Computing Security. 
Mission: 'To create Awareness and Educate People in Information Systems Security' 

3. DevSecOps Automation: Speedup software delivery with security in mind by Denny 

Desc: 
Integrating SAST and DAST into SDLC (CI/CD) to quickly find potential security problem in both code and runtime, without sacrificing delivery time.
Focusing on the speed on deliveries and creating secure by default software,
 

Bio: 

Denny began his IT career as a software developer, have 5 years experience in developing application on various platform and it was a great advantage to jump into application security as a professional penetration tester for almost 5 years. Now working for Vantage Point Security as a Senior Application Security Consultant, focusing in Security Testing Integration into SDLC process. 

• Event Program: 
18.00 p.m - 18.30 p.m - Arrival Participant & Registration 
18:30 pm – 18:45 p.m - Speech by Nadira Bajrei from Bank Mandiri 
18.45p.m - 19.30 p.m - Speech including Q & A by Denny 
19.30 p.m - 20.30 p.m - Speech including Q & A by Yusuf Hadiwinata Sutandar 
20.30 p.m - 21.30 p.m - Speech including Q & A by Semi Yulianto 
21:30 p.m - 22.00 pm - photo together / networking Session 

OWASP Indonesia Online Session Talk 
Title: Strengthen and Scale security using DevSecOps([[Media:Devsecops-owasp-indonesia.pdf|PDF]]) 
Thursday, October 4, 2018 
1:00 PM to 2:00 PM 

Register : https://www.meetup.com/meetup-group-XxqLdaeY/events/255089357/ 
Speaker Bio 

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He is also the author of OWASP DevSecOps Studio, OWASP DevSlop and Awesome-Fuzzing projects. 

He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking/training in conferences like Blackhat, OWASP AppSec, DevSecCon, PyCon, NullCon, All Day DevOps, Null and OWASP chapters. 

'''OWASP JAKARTA NIGHT Q3 2018 '''
Sesi ini akan mendiskusikan tentang : 
'''
Web Application by Design with OWASP''' 

Pembicara 
1. First Step to Web Application ISO27001 vs PCIDSS VS OWASP TOP 10 by Elias (Head of System Development Faspay) ([[Media:OWASPNightFaspay.pdf|PDF]]) 
2. Building a tailored AppSec Program using OpenSAMM by Suman Sourav & Tuyen Do 

'''Abstract: Building a tailored AppSec Program using OpenSAMM''' 
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices 
• Building a balanced software security program in well-defined iterations 
• Demonstrating concrete improvements to a security assurance program 
• Defining and measuring security-related activities within an organization 
 
This session is focused on the practical implementation of an AppSec Program based on your organization needs and business risk appetite. Most of the AppSec program fails because of lack of programmatic approach and strategic rollout. Participants will learn about an importance of a Security Program Management, how it solves people, process and technologies challenges in implementing an AppSec program, driving results and metrics relevant to the different stakeholders. 

Speaker Bio:
 
Suman is a Certified Secure Software Lifecycle Professional (CSSLP) having more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds a unified approach to deal with the root cause of software security problems. Currently he is working with Vantage Point Security as a Regional Program Director for Vantage Point Security and helping clients in SEA region to implement application security program.
 
Tuyen is an experienced Security Programme Manager, highly strategic, analytical and performance driven professional with 7+ years of blended experience in managing strategic programs /initiatives within banking & financial, and information technology sectors. Dynamic, versatile, hands-on Program Leader who leads teams to design & implement successful projects/programs that align business objectives and deliver rapid results, within timelines, budgets, and as per specifications.
 

Catatan :
 
peserta tidak perlu membawa laptop acara ini free for everyone 

Acara ini akan diadakan pada: 27th September 2018 

From 18:00 pm - 22:00 pm 

[https://www.meetup.com/meetup-group-XxqLdaeY/events/254502146/?_xtd=gatlbWFpbF9jbGlja9oAJDM1ODIxOTk5LTZlNmYtNDA0Ny05ZDZlLThiYmYzNzQzNTgyZA&_af=event&_af_eid=254502146 REGISTER HERE]

venue : 
Faspay Working Space 
Jakarta Pusat 
'''OWASP Jakarta Night #2'''

When 
19:00 - 22:00 
Tue, Aug 7, 2018 

Where 
Venue: 
Marque at Cyber 2 Tower, 
Jl. H. R. Rasuna Said Blok X-5 Cyber 2 Tower 17th Floor, RT.7/RW.2, Kuningan Timur, Jakarta, Kota Jakarta Selatan, 12950, Indonesia 

[https://www.eventbrite.com/e/owasp-jakarta-night-2-tickets-48230657194 Registration in here] 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader , Ade Yoseman Putra 
19.15p.m - 19.30 p.m - Speech including Q & A OWASP Indonesia Co Chapter Leader by Suman Sourav 
19.30 p.m - 20.30 p.m - Speech including Q & A by David Holmes 
20.30 p.m - 21.30 p.m - Speech including Q & A by Harley Davidson Karel ([[Media:Owasp_Jakarta_Night_-2.pdf|PDF]]) 
21:30 p.m - 22.00 pm - photo together/networking session 

Topic:

'''Hybrid Cloud Security'''

Hybrid Cloud Security continues to be relevant topic. David Holmes ( Global Security Evangelist for F5 Networks) will detail F5’s experience assisting a Fortune 10 company overcome some of their security challenges in moving to a multi-cloud architecture. His presentation will also include a look at some new F5 technologies that secure and containerize application traffic.
 
Mr. Holmes is a 17-year veteran of F5 and has met with banking and finance, government, and private enterprise security teams all over the world so he usually has the measure of who is doing what and where. This is an excellent opportunity to pick his brain about architecture, industry trends, or any other security topic that is top of mind. 

More about David Holmes: 

Based in Asia Pacific, David Holmes is the Global Security Evangelist for F5 Networks. In this role, Holmes is spokesman, researcher and evangelist for F5’s threat intelligence division, with an emphasis on cryptography, distributed denial of service attacks, and the Internet of Things. He speaks at conferences such as RSA, InfoSec and Gartner Data Center.

Holmes authors white papers on security topics such as global cryptography trends and modern DDoS threat spectrum. He has also written for industry magazines such as the SCMagazine and Network World. These days,he writes regularly about vulnerabilities, technical solutions and the security industry for SecurityWeek.com and F5 Labs.

He joined F5 Networks in 2001, and, as a Principal Software Engineer, where he designed many of the system and core security features. Holmes has 20 years of experience in security and product engineering.

Prior to F5, Holmes was a Vice President of Engineering at Dvorak Development (in Boulder, CO) and a Senior Software Engineer (Security) at CyberSafe, Inc.

Holmes majored in Computer Science and Engineering Physics at the University of Colorado at Boulder. For public speaking, Holmes has a Competent Communicator award from Toastmasters International and other public speaking awards.
 

Many thanks to F5 for their sponsorship.
 

Harley Davidson Karel 

'''Topic : Static Analysis Security Testing (SAST) using open source
'''
 
Topic Extract : 

Find security issues on development stage using open source static analysis security testing (SAST), so that developer will be able to identify security issues on earlier stage of software development life cycle, rather than waiting for penetration testing stage. 

SAST demo will be conducted with command line interface usage, IDE integration, & Jenkins integration. The demo will scan and found security issues on several programming language such as Java, python, & ruby 

Bio: 

Harley Davidson Karel is working as Associate Application Security Consultant at Vantage Point Security Indonesia. He is EC-Council Certified and well trained in working in application security activities that help organisations to put security aspect in every stage of software development life cycle. He has been selected as a speaker for PyConMY 2018 Kuala Lumpur, PyConES 2018 Malaga Spain, GrillRB 2018 Wroclaw Poland.
 

 

'''OWASP Indonesia Q1 Meetup 2018'''

[[File:Owaspidq12018.jpeg|400px|center]]
==== Talks ====
 '''Reduce the Risk of a Data Breach with Open Source INTelligence (OSINT)''' 
by Ayodya (Security Engineer at Bukalapak) 
 '''Building Appsec Pipeline''' by Suman Sourav 
 '''OWASP Top 10 Mobile Application Vulnerability''' 
by Williams 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader 
19.15p.m - 20.00 p.m - Speech including Q & A by Suman Sourav 
20.00 p.m - 20.45 p.m - Speech including Q & A by Ayodya 
20.45 p.m - 21.30 p.m - Speech including Q & A by william 
==== Speakers ====

'''Ayodya'''

[[File:Ayodya.jpg|200px]] 
1. Security Engineer at Bukalapak 
2. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
3. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Williams'''

'''Suman Sourav'''
 Building Appsec Pipeline 

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE 

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. 

19:00 - 22:00 
Thursday, March 29, 2018 
Register :[closed] 
venue : 
[[File:Btpn.png|left]] 
Bank BTPN. Menara BTPN, 27 th floor - CBD Mega Kuningan Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950 

OWASP Jakarta Q4 2017 Meetup 
[[File:Owaspmeetupbtpn.jpg|400px|center]] 

19:00 - 22:00 
Tue, Nov 21, 2017 

BANK BTPN 
Menara BTPN - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950
 
OWASP Jakarta Q4 2017 Meetup 

Menara BTPN, 27 th floor - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 
Jakarta 12950 
Theme : Application Security in Owasp top 10 2017 
When : 
at Q1 21th november 2017 
From 19:00 pm - 22:00 pm 

[https://www.eventbrite.com/e/owasp-jakarta-q4-2017-meetup-tickets-39109060252 CLOSED] 
==== Talks ====

* '''Secure coding practices with golang''' ([[Media:Owasp-171123063052.pdf|PDF]]) by sulhaedir (IT Security Spesialis at Tokopedia) 
* '''OWASP Risk Rating Management Project'''([[Media:Riskratingmanagement-170615172835.pdf |PDF]]) by M febri 

==== Speakers ====

'''sulhaedir'''

[[File:Sulhaedir.jpg|200px]]

Sulhaedir have 6 years experience in information security. he work as security specialist at TOKOPEDIA. he also Security research in nemosecurity 
 
'''M.Febri''' 

[[File:Febri.jpg|200px]] 

he work as Security Consultant at Visionet. 

Thanks for sponsor this meetup 
{{MemberLinks|link=https://www.btpn.com/ |logo=Bank_btpn.jpg }}

 
'''Workshop OWASP at "Sofware Freedom Day 2017"''' 
[[File:Sofware freedom day 2017.jpg|200px]] 

 workshop with KSL UBL "improving Security Attack and Defense with OWASP" 

when : Sat, September 16, 08:00 – 15:00 pm 
Auditorium Universitas Budi Luhur, Jl. Ciledug Raya No.126, RT.1/RW.2, Petukangan Utara, Pesanggrahan, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12260, Indonesia 
'''OWASP Indonesia Day 2017'''
[[File:Owaspdayid1.jpeg|center]]
 when Developers, startups, hackers will meet..
just visit us @ OWASP Indonesia Day 2017 
Yogyakarta, 09 th september 2017 
 https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 

if you interested sponsor our events just contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] 

'''OWASP Jakarta Tech Day Meetup 2017'''
[[File:Owaspmeetup2.jpg|left|frameless]]
OWASP Jakarta succesfully host meetup on May 2017

with Theme: "How Secure Ecommerce"

Date: 14 May 2017 02 pm to 05 pm (GMT+7 Jakarta)

Venue: PTC Pulogadung Trade Centre Ballroom 2nd Floor

Jalan Raya Bekasi, RW.3, Rw. Terate, Cakung, Kota Jakarta Timur, DKI Jakarta 13920

Google Maps :

https://goo.gl/maps/gmZnSofLvEF2

==== Talks ====
* '''Turning Legal Website into DDoS Tool''' by Kalpin Erlangga (Indonesia Honeynet Project) ([[Media:IHP-OWASP-Kalpin-Presentation_-_Template-OWASP-Final.pdf|PDF]]) .
* '''The Art of phishing, and how to save yourself''' by Oliver Valentino (Security analyst [http://www.bukalapak.com BUKALAPAK]) ([[Media:OWASP_presentation_-Oliver_Valentino_-.pdf|PDF]]) 
* '''Trend Defacement On Indonesia E-Commerce Website''' by Achmad Syafaat (ID-SIRTII/CC) 
* '''Client Side Security And Testing Tools''' by David Cervigni ( [https://mindedsecurity.com/index.php/about-us/company Minded Security]) ([[Media:OWASP_presentation_jkt2017.pdf|PDF]])
* ''' Hacking as a Livestyle''' Matias Prasodjo(Dracos) ([[Media:Hacking_Live_Style_-_OWASP_Jakarta.pdf|PDF]]) 

==== Speakers ====
==== '''Kalpin Erlangga Silaen''' ====

[[File:Kelpin2.jpg]]

Kalpin Erlangga Silaen is a senior security consultant with experience more than 15 years in IT. He is a graduate of the Master of Computer in Faculty of Engineering and IT at Swiss German University. He was first winner as a team at Cyber Defense Competition, Ministry of Defense of Indonesia on 2013

(Jakarta) and 2014 (Surabaya). He has experience as security penetration tester for various industry such as telecommunication, banking, finance, and government for more than 7 years. His interests includes network and cloud security

'''Oliver Valentino'''

Oliver Valentino is a tech evangelist and security enthusiast. Currently work as a security analyst at [http://www.bukalapak.com bukalapak]. Got his bachelor degree from Universitas Advent Indonesia Bandung

'''David Cervigni'''

[[File:Dvd.jpg]]

David Cervigni is a Senior Security Consultant of the [https://mindedsecurity.com/index.php/about-us/company Minded Security] consultants team. He has a strong experience in collaborating closely with developer teams to securing SDLC and DevOps systems. His specialties include secure coding training, vulnerability assessment, manual and automated code review solutions, critical software design and compliance. His experience maturated mostly in the financial sector and in the biggest institutions across Swiss and UK markets. He holds a master's degree in computer science from the University of Camerino.

'''Achmad Syafaat'''

'''Matias Prasodjo'''

Matias Prasodjo is Vice Leader [https://dracos-linux.org/ DracOs Linux Team]. he is Subject Matter Expert Security and System at PT Lintas Teknologi Indonesia.

==Past Meetup==
OWASP Indonesia Meetup I 2017 on March 4 th, 2017 
See More [https://www.owasp.org/index.php/OWASP_Indonesia_Meetup_I_2017 OWASP Indonesia Meetup I 2017 on March 4 th, 2017]

=Bahasa=

OWASP Indonesia adalah sebuah salah satu cabang dari Yayasan OWASP di belahan dunia. Yayasan OWASP adalah terbuka dan organisasi non profit.Kami membuka kesempatan kepada orang indonesia untuk bergabung serta berkontribusi pada OWASP Indonesia (Jakarta) Chapter.

Apa Yang Bisa anda kontribusi kan pada Yayasan OWASP
===OWASP Indonesia Chapter===
1. Anda bisa menyediakan Tempat untuk Agenda kami 
2. Anda bisa menjadi Speaker & Trainer dalam setiap Event kami 
3. Anda bisa menjadi University Supporter Kami 
4. Anda bisa menjadi Donatur kami 
5. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) 

===OWASP Foundation===
1. Anda bisa menjadi Speaker & Trainer dalam setiap Event Yayasan OWASP di seluruh dunia 
2. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) pada Yayasan OWASP Global 

how to register OWASP membership, berikut saya sudah jelaskan step by stepnya di [http://www.owasp.or.id/2017/01/owasp-membership.html web owasp.or.id]

==Berita==

Kami mencari volunteer untuk penerjemahan OWASP 2013 Top Ten dari Bahasa Inggris ke dalam Bahasa. Saat Ini sedang dalam pengerjaan / On Progress.
Silahkan bergabung dengan tim kami [https://www.owasp.org/index.php/OWASP_Top_10_2013_-_Bahasa_Indonesia tim penerjamah OWASP 2013 Top 10-Bahasa]

=Our Chapter Leadership=

{| class="wikitable"
|-
! scope="col" style="width: 20%; font: bold;" |''' Chapter Leadership Board Member Role'''
! scope="col" |Responsibilities
! scope="col" |Person(s)
|-
|Chapter Leader / Chairman
|The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair.
|Ade Yoseman Putra

|-
|Sponsor Coordinator
|Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, and other events.
|Hilman Aditya

|-
|Speaker and Special Event Coordinator
|Seeks and schedules speakers for monthly Chapter meetings and other events.
|Dewo Nur Satrio
|-

|Conference/Event/Meetup Coordinator
|Coordinates all of the efforts for the annual OWASP Indonesia Day, OWASP Jakarta Night & all OWASP Jakarta Events.
|Eka Syahfitri
|-
|PR/Marketing Coordinator/Designer Grafis
|Provides marketing of OWASP Indonesia Day and other Chapter events.
|Muhamad Iqbal Dewanto

|-
|Equipment Committee
|Equipment Committee for OWASP Meetup
|Bima

|-
|Volunteer
|Volunteer Lists
|Achmad Syafaat, Gumux Hijack, Ali Kaharu , Amanu

|-
|Finance
|The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals.
The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader.
|

|-
|Advisory Board Members
|Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success.
|

|}

<headertabs></headertabs>

Ade Yoseman Putra

2019-05-30T09:42:14Z

Yoseman:

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/organizations/6362925392986112/ Mentor of Google Summer of Code 2019]
=Quotes=

 
=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Ade Yoseman Putra

2019-05-29T15:11:54Z

Yoseman:

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/organizations/6362925392986112/ Mentor of Google Summer of Code 2019]
=Quotes=

 

وَإِذْ قَالَ رَبُّكَ لِلْمَلَائِكَةِ إِنِّي جَاعِلٌ فِي الْأَرْضِ خَلِيفَةً

Ingatlah ketika Tuhanmu berfirman kepada para Malaikat: "Sesungguhnya Aku hendak menjadikan seorang khalifah di muka bumi". (Q.S. Albaqarah 30) 

مَنْ كَانَ يُرِيْدُ حَرْثَ الْاٰخِرَةِ نَزِدْ لَهٗ فِيْ حَرْثِهٖ ۚ وَمَنْ كَانَ يُرِيْدُ حَرْثَ الدُّنْيَا نُؤْتِهٖ مِنْهَا ۙ وَمَا لَهٗ فِى الْاٰخِرَةِ مِنْ نَّصِيْبٍ

Barang siapa menghendaki keuntungan di akhirat akan Kami tambahkan keuntungan itu baginya, dan barang siapa menghendaki keuntungan di dunia Kami berikan kepadanya sebagian darinya ( keuntungan dunia ), tetapi dia tidak akan mendapat bagian di akhirat. (QS. Asy-Syura: 20) 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Ade Yoseman Putra

2019-05-29T15:09:01Z

Yoseman:

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/presenters.html#ade-yoseman-putra-36859 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA Las Vegas 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/organizations/6362925392986112/ Mentor of Google Summer of Code 2019]
=Quotes=

 

وَإِذْ قَالَ رَبُّكَ لِلْمَلَائِكَةِ إِنِّي جَاعِلٌ فِي الْأَرْضِ خَلِيفَةً

Ingatlah ketika Tuhanmu berfirman kepada para Malaikat: "Sesungguhnya Aku hendak menjadikan seorang khalifah di muka bumi". (Q.S. Albaqarah 30) 

مَنْ كَانَ يُرِيْدُ حَرْثَ الْاٰخِرَةِ نَزِدْ لَهٗ فِيْ حَرْثِهٖ ۚ وَمَنْ كَانَ يُرِيْدُ حَرْثَ الدُّنْيَا نُؤْتِهٖ مِنْهَا ۙ وَمَا لَهٗ فِى الْاٰخِرَةِ مِنْ نَّصِيْبٍ

Barang siapa menghendaki keuntungan di akhirat akan Kami tambahkan keuntungan itu baginya, dan barang siapa menghendaki keuntungan di dunia Kami berikan kepadanya sebagian darinya ( keuntungan dunia ), tetapi dia tidak akan mendapat bagian di akhirat. (QS. Asy-Syura: 20) 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Ade Yoseman Putra

2019-05-24T06:31:21Z

Yoseman:

[[File:Adeyoseman2.png|thumb]]
=Welcome=
1. Researcher & also a Co-founder of [http://securityjustillusion.org/index.html Security Just Illusion](non-profit organization information security). 
2. He has more than 5 years’ experience in information security, 
3. experience in cert (computer emergency response team). 
4. Besides that, he has experience as security consultant in Kuala Lumpur Malaysia (2014) . 
5 finalist / 3rd Team Winner for Cyberlympics Asia-Australia (2012) www.cyberlympics.org. 
6. He has Information Security Trainer in Kuala Lumpur, Malaysia and Indonesia. 
7. he has spoken at [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra arsenal, Blackhat Asia 2017], [https://www.blackhat.com/asia-18/arsenal/schedule/presenters.html#ade-yoseman-putra-36859 Blackhat Asia 2018] , [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/speakers.html#ade-yoseman-putra-37074 Bussiness Hall] Blackhat Asia 2018. 
8. founder of [http://www.securitybsides.com/w/page/118994457/BSidesIndonesia Security BSide Indonesia ]. BSide is open security conference in the [http://www.securitybsides.com/w/page/19532810/Media world] 
9. AppSec EU 2018 [https://appseceurope2018a.sched.com/ade.putra 2-6 th July 2018 UK] 
10.[https://www.blackhat.com/us-19/arsenal/schedule/index.html#rwdd-remote-web-deface-detection-tool-16775 Blackhat USA 2019 Arsenal]

=Contribute=
Lists contributor to owasp 
1. Trainer in [http://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASP KL DAY 2016], University Kuala Lumpur Malaysia 
2. An [http://www.owasp.org/index.php/Jakarta OWASP Indonesia Chapter Leader] 
3. Help organize owasp risk rating management [https://github.com/OWASP/owasp-summit-2017/blob/master/Participants/remote/Ade-Yoseman-Putra.md @OWASP Summit London 2017, UK] 
4. [https://github.com/OWASP/RiskAssessmentFramework OWASP risk Assessment Framework project leader]
 
5. OWASP SecureTea Project Lead https://github.com/OWASP/SecureTea-Project 
6. Keynote speaker @ Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017] 
7. First whom organized OWASP Cyber Security Conference 2017 in Indonesia https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 
8. Spoken at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting] , Sendai, Japan. 
9. Spoken at Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP AppSec TAIWAN 2018 ] Taipei, Taiwan 
10. Spoken at [https://www.owasp.org/index.php/Ghana OWASP Ghana Chapter Meeting] 24th November 2018
 
11. [https://summerofcode.withgoogle.com/organizations/6362925392986112/ Mentor of Google Summer of Code 2019]
=Quotes=

 

وَإِذْ قَالَ رَبُّكَ لِلْمَلَائِكَةِ إِنِّي جَاعِلٌ فِي الْأَرْضِ خَلِيفَةً

Ingatlah ketika Tuhanmu berfirman kepada para Malaikat: "Sesungguhnya Aku hendak menjadikan seorang khalifah di muka bumi". (Q.S. Albaqarah 30) 

مَنْ كَانَ يُرِيْدُ حَرْثَ الْاٰخِرَةِ نَزِدْ لَهٗ فِيْ حَرْثِهٖ ۚ وَمَنْ كَانَ يُرِيْدُ حَرْثَ الدُّنْيَا نُؤْتِهٖ مِنْهَا ۙ وَمَا لَهٗ فِى الْاٰخِرَةِ مِنْ نَّصِيْبٍ

Barang siapa menghendaki keuntungan di akhirat akan Kami tambahkan keuntungan itu baginya, dan barang siapa menghendaki keuntungan di dunia Kami berikan kepadanya sebagian darinya ( keuntungan dunia ), tetapi dia tidak akan mendapat bagian di akhirat. (QS. Asy-Syura: 20) 

=Contact=
[https://twitter.com/johnleedik Twitter] 
Email to ade.putra@owasp.org

Risk Assessment Framework

2019-05-24T03:49:53Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

=Home=
The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

==Project About==
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

=Roadmap=

https://github.com/OWASP/RiskAssessmentFramework/blob/master/readme.md




==Getting Involved==
 
Involvement in the development and promotion of his project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim
==News==
* [23 May 2019] Published in ToolsWatch.org, [https://www.toolswatch.org/2019/05/amazing-black-hat-arsenal-usa-2019-lineup-announced/ Amazing Black Hat Arsenal USA 2019 Lineup Announced]
== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

GoogleSeasonOfDocs2019

2019-05-08T02:46:43Z

Yoseman:

= Overview =

OWASP is going to apply to participate in the inaugural [https://developers.google.com/season-of-docs/ Google Season of Docs]

The organization application is in and we are awaiting notification of acceptance into the program.

If you plan to be a mentor for 2019, please [https://docs.google.com/forms/d/e/1FAIpQLSe-JjGvaKKGWZOXxrorONhB8qN3mjPrB9ZVkcsntR73Cv_K7g/viewform Register Here]

= OWASP Project Documentation Requests =

'''Tips to get you started in no particular order:'''
'''* Read [https://developers.google.com/season-of-docs/docs/project-ideas Google Season of Docs Project Ideas]'''
'''* Read [https://developers.google.com/season-of-docs/terms/program-rules Program Rules]'''

==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

=== The API ===
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation.
Unfortunately is also not particularly well documented and we get many queries about it on the support groups.

Existing documentation includes:
* https://github.com/zaproxy/zaproxy/wiki/ApiDetails
* https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index

This project would:
# Explain the concepts behind the UI
# Explain how it can be used at a high level
# Detail all of the API calls

The documentation should be suitable for publishing as web pages and for printing on paper.

=== Zest ===
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools.
While it is tool independent it is heavily used by ZAP.

Existing documentation includes:
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Zest
* https://github.com/mozilla/zest/wiki

This project would:
# Explain the concepts behind the Zest
# Explain how to write Zest scripts
# Document the ZAP Desktop UI provided relating to Zest

The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.

==OWASP Juice Shop==
[[OWASP Juice Shop Project]] is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

==="Pwning OWASP Juice Shop" Companion Guide===

''[https://leanpub.com/juice-shop Pwning OWASP Juice Shop] is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under [https://creativecommons.org/licenses/by-nc-nd/4.0/ CC BY-NC-ND 4.0] and is available '''for free''' as work-in-progress in [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop HTML, PDF, Kindle and ePub format on GitBook]. The latest officially released edition is [https://leanpub.com/juice-shop available '''for free''' on LeanPub in PDF, Kindle and ePub format].''

[[File:PwningOWASPJuiceShop_Cover.jpg|link=https://leanpub.com/juice-shop|100px]]

''The book is divided into three parts:''
# ''Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)''
# ''Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)''
# ''Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)''

Primary focus points of this project could be:
# Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format ''(Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub '''and''' to be able to host it in HTML online-readable form)''
# Tackle the idea to [https://github.com/bkimminich/pwning-juice-shop/issues/21 generate a special "CTF Edition"] of the book from the same source content

This project could additionally:
* Add hints and solutions for currently undocumented challenges (marked with ''':wrench: **TODO**''')
* Extend the "Codebase 101" chapter with more details and examples for new contributors
* Review, curate and extend the other existing content

==OWASP-Securetea Tools Project==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows). The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium. . - https://github.com/OWASP/SecureTea-Project/blob/master/README.md 
This project would: 
1. Review, curate and extend the other existing content of [https://github.com/OWASP/SecureTea-Project/blob/master/README.md#target-user User Guide] and [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Developer Guide] 

2.Help to translate into many languages as you can do 
Example : [https://github.com/OWASP/SecureTea-Project/blob/master/doc/ja-JP/README.md Japanese Translate] 
3. As Content Writer we need your best ideas for improve The SecureTea Project Documentation. 
4. Help Our Programmer/Contributors to create their Documentation such as
Website content,wiki,user docs and developer docs, etc which not yet publish/completed. 
5. Camera, action . we actually not bollywood or hollywood but we want create video related our project https://www.youtube.com/channel/UCGdl9tpc1qZYcM3WRRFRPPA 

== OWASP DefectDojo ==
OWASP DefectDojo is a popular open source vulnerability management tool and is used as the backbone for security programs. It is easy to get started with to work on! We welcome volunteers of all experience levels and are happy to provide mentoring.

The existing documentation is on [https://defectdojo.readthedocs.io/en/latest/ Read the Docs] and is created based on the [https://github.com/DefectDojo/Documentation DefectDojo documentation repo].

The project would:
* Review and update the current documentation based on the latest release in the master branch
* Update and expand documentation sections including
** Installation including the new Docker Compose and Kubernetes
** Liberal inclusion of screenshots or screencasts for various features of the web UI
** Integrations with various security tools
** workflows and other real-world use cases that DefectDojo solves
* Validate the documentation against the Python3 branch which will be the bases for the next major release of DefectDojo
* Translating the current documentation to languages other than English
==OWASP Risk Assessment Framework==
OWASP Risk Asessement Framework is SAST tools,web deface detection, Risk Assessment Tool 
we participated of gsoc 2019 so we need some technical writer for docs 
1. research and write references for sast tool which have api 
2. make some docs of wiki 
3. make video also related content of risk assessment

GoogleSeasonOfDocs2019

2019-05-08T02:45:47Z

Yoseman: add OWASP Risk Assessment Framework

= Overview =

OWASP is going to apply to participate in the inaugural [https://developers.google.com/season-of-docs/ Google Season of Docs]

The organization application is in and we are awaiting notification of acceptance into the program.

If you plan to be a mentor for 2019, please [https://docs.google.com/forms/d/e/1FAIpQLSe-JjGvaKKGWZOXxrorONhB8qN3mjPrB9ZVkcsntR73Cv_K7g/viewform Register Here]

= OWASP Project Documentation Requests =

'''Tips to get you started in no particular order:'''
'''* Read [https://developers.google.com/season-of-docs/docs/project-ideas Google Season of Docs Project Ideas]'''
'''* Read [https://developers.google.com/season-of-docs/terms/program-rules Program Rules]'''

==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

=== The API ===
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation.
Unfortunately is also not particularly well documented and we get many queries about it on the support groups.

Existing documentation includes:
* https://github.com/zaproxy/zaproxy/wiki/ApiDetails
* https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index

This project would:
# Explain the concepts behind the UI
# Explain how it can be used at a high level
# Detail all of the API calls

The documentation should be suitable for publishing as web pages and for printing on paper.

=== Zest ===
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools.
While it is tool independent it is heavily used by ZAP.

Existing documentation includes:
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Zest
* https://github.com/mozilla/zest/wiki

This project would:
# Explain the concepts behind the Zest
# Explain how to write Zest scripts
# Document the ZAP Desktop UI provided relating to Zest

The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.

==OWASP Juice Shop==
[[OWASP Juice Shop Project]] is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

==="Pwning OWASP Juice Shop" Companion Guide===

''[https://leanpub.com/juice-shop Pwning OWASP Juice Shop] is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under [https://creativecommons.org/licenses/by-nc-nd/4.0/ CC BY-NC-ND 4.0] and is available '''for free''' as work-in-progress in [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop HTML, PDF, Kindle and ePub format on GitBook]. The latest officially released edition is [https://leanpub.com/juice-shop available '''for free''' on LeanPub in PDF, Kindle and ePub format].''

[[File:PwningOWASPJuiceShop_Cover.jpg|link=https://leanpub.com/juice-shop|100px]]

''The book is divided into three parts:''
# ''Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)''
# ''Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)''
# ''Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)''

Primary focus points of this project could be:
# Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format ''(Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub '''and''' to be able to host it in HTML online-readable form)''
# Tackle the idea to [https://github.com/bkimminich/pwning-juice-shop/issues/21 generate a special "CTF Edition"] of the book from the same source content

This project could additionally:
* Add hints and solutions for currently undocumented challenges (marked with ''':wrench: **TODO**''')
* Extend the "Codebase 101" chapter with more details and examples for new contributors
* Review, curate and extend the other existing content

==OWASP-Securetea Tools Project==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows). The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium. . - https://github.com/OWASP/SecureTea-Project/blob/master/README.md 
This project would: 
1. Review, curate and extend the other existing content of [https://github.com/OWASP/SecureTea-Project/blob/master/README.md#target-user User Guide] and [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Developer Guide] 

2.Help to translate into many languages as you can do 
Example : [https://github.com/OWASP/SecureTea-Project/blob/master/doc/ja-JP/README.md Japanese Translate] 
3. As Content Writer we need your best ideas for improve The SecureTea Project Documentation. 
4. Help Our Programmer/Contributors to create their Documentation such as
Website content,wiki,user docs and developer docs, etc which not yet publish/completed. 
5. Camera, action . we actually not bollywood or hollywood but we want create video related our project https://www.youtube.com/channel/UCGdl9tpc1qZYcM3WRRFRPPA 

== OWASP DefectDojo ==
OWASP DefectDojo is a popular open source vulnerability management tool and is used as the backbone for security programs. It is easy to get started with to work on! We welcome volunteers of all experience levels and are happy to provide mentoring.

The existing documentation is on [https://defectdojo.readthedocs.io/en/latest/ Read the Docs] and is created based on the [https://github.com/DefectDojo/Documentation DefectDojo documentation repo].

The project would:
* Review and update the current documentation based on the latest release in the master branch
* Update and expand documentation sections including
** Installation including the new Docker Compose and Kubernetes
** Liberal inclusion of screenshots or screencasts for various features of the web UI
** Integrations with various security tools
** workflows and other real-world use cases that DefectDojo solves
* Validate the documentation against the Python3 branch which will be the bases for the next major release of DefectDojo
* Translating the current documentation to languages other than English
==OWASP Risk Assessment Framework==
OWASP Risk Asessement Framework is SAST tools,web deface detection, Risk Assessment Tool
we participated on gsoc 2019 so we need some technical writer for docs
1. research and write references for sast tool which have api
2. make some docs of wiki
3. make video also related content

Jakarta

2019-05-06T05:03:07Z

Yoseman:

[[image:OWASPidn1.jpg|center|500px]]

{{Chapter Template|chaptername=Jakarta|extra=The chapter leader is [mailto:ade.putra@owasp.org Ade Yoseman Putra]
 

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-jakarta|emailarchives=http://lists.owasp.org/pipermail/owasp-jakarta}}

[[Category:OWASP Chapter]]
[[Category:Indonesia]]
[[Category:Asia/Pacific/Middle East]]

Bhinneka Tunggal Ika 
united we stand divided we fall 
OWASP Indonesia 

OWASP Indonesia now officially has meetup in jakarta and yogyakarta. Yogyakarta is very special for owasp indonesia. We are non-profit organization. We are pleasure and welcome to all Indonesian to join us and share the knowledge, skill, idea and related to make OWASP Jakarta Project are benefit to everybody. OWASP Jakarta Project as well are the pioneer project for Web Security Application. Any private sector want to contribute and sponsor are welcome.
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 
 Please Donate Our Chapter 
[[Image:Btn_donate_SM.gif|120px|link=https://www.regonline.com/builder/site/Default.aspx?EventID=1044369]] 
=='''Stay in contact:'''==
<center>
{| cellspacing="15"
|-
| [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/meetup-group-XxqLdaeY]]
| [[Image:Follow-us-on-twitter.png|175px|link=http://twitter.com/OwaspJakarta]]
| [[Image:Wa2.jpeg|175px|link=https://chat.whatsapp.com/invite/KVpddPbKCTj4ErVwljbUYg]]
| [[Image:Fb.png|175px|link=http://www.facebook.com/owaspid]]
| [[Image:Web.jpg|175px|link=http://www.OWASP.or.id]]
| [[Image:Tele.jpg|175px|link=http://t.me/owaspid]]
|}
</center>

== '''Stay Updated''' ==

=== Join our low traffic mailing list for event information ===
[[File:Mail-50%25smaller.jpeg]]
[ http://lists.owasp.org/mailman/listinfo/owasp-jakarta join our milis]

For all new members and existing member please free to contribute to OWASP Jakarta Chapter and if you are commitment to help OWASP Jakarta please subscribe OWASP Membership for individual. For Corporate sponsor OWASP Jakarta please to contact [mailto:ade.putra@owasp.org OWASP Admin]. We still open Recruitment to join with us. if you interested feel free for contact me.
 We are welcome to join our conversation. If any query don't hesitate to contact [mailto:ade.putra@owasp.org OWASP Admin]. Everyone is welcome to join us at our chapter meetings.

'''NOTE: OWASP now promote for who want to become Official Members for Jakarta Chapter. You can get special rate and discount and get email @owasp.org with 25GB space. Please register at here as individual([https://www.owasp.org/index.php/Membership Memberships]) and to see the example how to ([http://www.owasp.or.id/2017/01/owasp-membership.html REGISTER]) OWASP Memberships'''

__NOTOC__

=English=

==NEWS==

==Events==
<meetup group="meetup-group-XxqLdaeY"/>

=== 2018 ===

SECURITY IN A SERIOUS WAY 2018, 2th December 2018, [https://seminar.errorcybernews.com/2018/ Tasikmalaya, Indonesia]

==Past Security Events==

=== 2018 ===

6WASP Appsec Europe 2018 [https://appseceurope2018a.sched.com/ade.putra 2th-6th july 2018, UK] 

Taiwan International Information Security Organization Summit 2018 [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 OWASP TAIWAN SUMMIT 2018 ] Taipei, Taiwan 

Open Security Summit 2018 [https://open-security-summit.org/participant-remote/ade-yoseman/ @Remotely, Open Security Summit 2018 ] London, UK.

OWASP Sendai Chapter Meeting 2018, [https://owaspsendai.connpass.com/event/84885/ Sendai Japan] 27 th april 2018

Blackhat Asia Singapore 2018 Bussiness Hall [https://www.blackhat.com/asia-18/sponsored-sessions/schedule/index.html#trends-and-strategies-for-securing-the-internet-of-things-10064 "TRENDS AND STRATEGIES FOR SECURING THE INTERNET OF THINGS"] 23 th March 2018

Blackhat Asia Singapore 2018 Arsenal [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 @Arsenal, Blackhat Asia Singapore 2018] 

=== 2017 ===

Codebali International Cyber Security Conference and Exhibitions 2017, [https://www.codebali.net/speaker FIRST-TC], 26-29 th September 2017

National Seminar of Research & Development Id-SIRTII/CC 2017, Hotel Grand Tjokro Bandung West Java Indonesia Theme : [http://riset.idsirtii.or.id/ Tren IOT & Mobile System] 27 July 2017

Taiwan International Information Security Organization Summit 2017 [http://2017.twcsa.org/OWASP2017/speakers.html#spkr_owasp_keynote01 OWASP DAY TAIWAN 2017 ] 11 - 13 July 2017

OWASP Summit 2017 London, England [Participants from OWASP Jakarta Chapter is [https://owaspsummit.org/Participants/remote/Ade-Yoseman-Putra.html Ade Yoseman],
[https://owaspsummit.org/Participants/remote/Petty-Meisari.html Petty Meisari] & 12-16 June 2017 

Blackhat Asia Singapore 2017 [https://www.blackhat.com/asia-17/arsenal.html#ade-yoseman-putra @Arsenal, Blackhat Asia Singapore 2017] 30 - 31 March 2017 

=== 2016 ===
OWASP DAY KL 2016 Malaysia [https://www.owasp.org/index.php/OWASP_Day_KL_2016#tab=Trainers OWASPKL2016] 15 - 17 November 2016

==History==
On December 2016, [http://www.owasp.org/index.php/Ade_Yoseman_Putra Ade Yoseman reactive OWASP Indonesia]

==Project Volunteering==

OWASP Juice Shop UI v2.21.1 available in Indonesian language! 🇮🇩 (Preview: [[http://juice-shop-staging.herokuapp.com OWASP Juice Shop]]) download https://github.com/bkimminich/juice-shop/releases/tag/v2.21.1 

==Project On Progress==
Here the lists Project have been submit by OWASP JAKARTA Chapter Projects Members 
OWASP Jakarta Projects 

=== 2017 ===
[[OWASP_SecureTea_Project|OWASP SecureTea Project]] 

=== 2019 ===
[[Risk Assessment Framework|Risk Assessment Framework]] 

==Sponsoring==
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Indonesia. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] to talk about the following sponsoring possibilities.

Chapter Supporter 
Single Meeting Supporter 
Facility Sponsor 
Organization Supporters (allocating 40% of your annual donation to our Chapter) 

=='''Local Chapter Supporter'''==
'''
==Meeting Sponsors==
The following is the list of organisations who have generously provided us with space for OWASP Indonesia chapter meetings: 

[[Image:mozid.jpg‎|200px||link=http://www.mozilla.or.id/ |alt=Mozzilla Indonesia]]
==Corporate Sponsors==

[[Image:Rumahweb.png‎|200px||link=https://www.rumahweb.com/ |alt=Rumah Web]]
[[Image:F5.png‎|200px||link=https://www.f5.com/ |alt=f5 Networks]]
[[Image:Bank_btpn.jpg‎|200px||link=https://www.btpn.com/ |alt=Bank BTPN]]
[[Image:FASPAY.png|200px||link=https://www.faspay.co.id/ |alt=Faspay PT. Media Indonusa]]
[[Image:Bankmandiri.png|200px||link=https://www.bankmandiri.co.id/ |alt=Bank Mandiri]]
[[Image:Logo-Bukalapak.png|200px||link=https://www.bukalapak.com/|alt=BUKALAPAK]]
[[Image:Logo-codemargonda (1).png|200px||link=https://www.codemargonda.com/|alt=Codemargonda]]
==Government Agency==

== Community ==
[[Image:Ncsd.PNG|200px||link=https://ncsd.or.id/|alt=National Cyber Security Defence ]]
[[Image:Bsidesid.png‎|200px||link=http://www.securitybsides.com/w/page/118994457/BSidesIndonesia/ |alt=BSidesIndonesia]]

=Meetup=
==Next Meetup==

We Are Currently seeking venue and sponsorship for owasp monthly meetup. if your company interested support us please email us : indonesia2018@owasp.org 
Want to talk at Our Chapter please email us :indonesia2018@owasp.org 

'''OWASP Jakarta Night Q4 2018 @Bukalapak.com'''

When: 28th November 2018 

From 17:00 pm - 22:00 pm 

venue : 
Bukalapak Engineering Office, Jalan Ampera Raya, RT.5/RW.10, Ragunan, South Jakarta City, Jakarta Indonesia
 

Sesi ini akan mendiskusikan tentang : 
1. Keynote speech by Badan Siber Sandi Negara / BSSN (Tbc) 
2. Security Championing by Vandy Putrandika 
3. Novice to expert in Deep Learning and why it's necessary? by rohit parab 
4. An architectural approach for decentralized applications by Ayodya Dewangga S R 

'''Event Program:''' 
17:00pm -18:00 pm - Arrival Participant & Registration 
18.00p.m - 18.30p.m - Keynote speech - Badan Siber Sandi Negara / BSSN (Tbc) 
18:30 pm – 19:15 p.m - Speech by Vandy Putrandika 
19.15 p.m - 19.45 p.m - Speech including Q & A by Rohit Parab 
20.45 p.m - 21.45 p.m - Speech including Q & A by Ayodya 
21:45 p.m - 22.00 pm - Networking Session /Photo Together 

This Meetup provide free Snack & food 

Sponsored by Bukalapak.com 

'''Topic: Security Championing''' 
Abstract: 

Resource, visibility and advocacy are always the main problems for the information security team in any company. Time and head count will always be scarce for the mandated scope of work. For a security bug, we might have to check all corners, rather than someone telling it to us. And no one actually thinks that infosec guys are the hero, right? 

Security championing model tries to be the silver bullet for all those, especially in companies who want to incorporate DevSecOps. Yet, the implementation is not without obstacle. It may even introduce new problems along the way. 

End of the talk one would be able to understand 

1. What is security championing? 
2. Who should implement security champion model and when is the best time? 
3. Where we can find and evangelize these security champions?
 
Bio:
 
'''Vandy Putrandika''' 
Vandy is a security, governance and project management generalist who is passionate about digital strategy and transformation. Currently he works at Bukalapak as the Head of Information Security and managing the super-awesome security team inside while juggling with several security programs.
 

Topic : 
'''An architectural approach for decentralized applications'''

1. Understanding web 2.0 and web 3.0 
2. The pros and cons of web 3.0 
3. What are decentralized applications? 
4. What are the benefits of decentralized application? 
5. How to build a decentralized application? 
6. How to secure decentralized application? 

'''Ayodya Dewangga S R'''

1. E-Channel Product Development Risk Officer at PT Bank Mandiri (Persero) Tbk 
2. Chief Information Security Officer at PT Dekodr Solusi Digital Indonesia 
3. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
4. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Rohit Parab '''

'''Title - Novice to expert in Deep Learning and why it's necessary?
'''
Bio - Co-Founder & CEO at Praemineo, Inc (The Artificial Intelligence Company). Almost a decade of solid hands-on experience in full life-cycle software development. Built applications in as varied as Desktop, Web and now in AI. Experienced in building high performance teams for high output in quicktime. A UX person. Strongly believes that a complete code should not just work, but also be clean and maintainable. An Artificial Intelligence enthusiast. 

Abstract - In brief, I will be sharing how someone can 

1. Get started with Deep Learning. 
2. What are the basic requirements. 
3. Online free resources. 
4. How much of math is required. 
5. What is the current state of Deep Learning and its effects on future. 

==Past Meetup==

'''OWASP JAKARTA NIGHT Q4 2018 '''

When: 22th October 2018 

From 17:00 pm - 22:00 pm 

venue : 

Plaza Mandiri Auditorium lantai 3 
Jl jendral gatot subroto Kav. 36-38 Jakarta 12190, Indonesia 

This Meetup provide free drink & food 

Sponsored by Bank Mandiri 

'''Talk''' 
1. How to protecting critical infrastructure national (Study case: asian games 2018) by Yusuf Hadiwinata Sutandar 

2. Security Engineering by Semi Yulianto 

Abstract: 
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. 

Topics: 
- Security Objectives 
- Security Design Guidelines 
- Security Modeling 
- Security Architecture and Design Review 
- Security Code Review 
- Security Testing 
- Security Tuning 
- Security Deployment Review 

These activities are designed to help meet security objectives in the software life cycle. 
Sesi ini including : 
Demo: Threat Modeling, Secure Code Review & Dynamic Analysis 

Short bio : 
Semi Yulianto 
BSc. (Accounting), M.IT (IT Security & Governance) 
Doctor in IT, Student at Graduate School of University of the East (Manila, Philippines)
MCT, MCDBA, MCTS, MCITP, MCSA, MCSE, MCT, CCNP, CWNA, CEH, ECSA, CHFI, ECSP, EDRP, CND,
CEI, SSCP, CISSP, CSSLP, CISA, CISM, CySA+, CASP, OSSA, CASE Java.
Co-Founder & CEO, Chief Hacking Officer (CHO) of PT. Systech Global Informasi (SGI Asia). 

Information Security Interim Consultant / Subject Matter Expert (SME) at PT. Trinusa Travelindo (Traveloka). 

Information Security/Cyber Security Practitioner, Consultant & Senior Technical Trainer 

More than 20 years working experience in the IT industry with experiences in the area of
Application and Software Development (Database and Management), Operating Systems,
Server Systems, Messaging and Collaboration, Inter-networking, Network Infrastructure,
Desktop Support and Application (Secure Programming & SDL) and Network Security. Has
trained IT Professionals from diverse organizations in Asia Pacific, Middle East and Africa
region namely Indonesia, Malaysia, Singapore, Thailand, Bhutan, Cambodia, Philippines, Saudi
Arabia/KSA, Tunisia, Morocco & South Korea. Proven track of records in delivering High
Quality IT training with very good to excellent feedback ratings (full clients’ satisfaction).
Deep knowledge and excellent skills on Vulnerability Assessment, Ethical Hacking,
Penetration Testing, IT Audit and Computer Forensics with combination of Technical and
Management expertise. Interested in Exploit Writing, Malware Analysis, Forensics on Moving
Data, and Cloud Computing Security. 
Mission: 'To create Awareness and Educate People in Information Systems Security' 

3. DevSecOps Automation: Speedup software delivery with security in mind by Denny 

Desc: 
Integrating SAST and DAST into SDLC (CI/CD) to quickly find potential security problem in both code and runtime, without sacrificing delivery time.
Focusing on the speed on deliveries and creating secure by default software,
 

Bio: 

Denny began his IT career as a software developer, have 5 years experience in developing application on various platform and it was a great advantage to jump into application security as a professional penetration tester for almost 5 years. Now working for Vantage Point Security as a Senior Application Security Consultant, focusing in Security Testing Integration into SDLC process. 

• Event Program: 
18.00 p.m - 18.30 p.m - Arrival Participant & Registration 
18:30 pm – 18:45 p.m - Speech by Nadira Bajrei from Bank Mandiri 
18.45p.m - 19.30 p.m - Speech including Q & A by Denny 
19.30 p.m - 20.30 p.m - Speech including Q & A by Yusuf Hadiwinata Sutandar 
20.30 p.m - 21.30 p.m - Speech including Q & A by Semi Yulianto 
21:30 p.m - 22.00 pm - photo together / networking Session 

OWASP Indonesia Online Session Talk 
Title: Strengthen and Scale security using DevSecOps([[Media:Devsecops-owasp-indonesia.pdf|PDF]]) 
Thursday, October 4, 2018 
1:00 PM to 2:00 PM 

Register : https://www.meetup.com/meetup-group-XxqLdaeY/events/255089357/ 
Speaker Bio 

Imran "secfigo" Mohammed is a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness. He is also the author of OWASP DevSecOps Studio, OWASP DevSlop and Awesome-Fuzzing projects. 

He was also nominated as community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking/training in conferences like Blackhat, OWASP AppSec, DevSecCon, PyCon, NullCon, All Day DevOps, Null and OWASP chapters. 

'''OWASP JAKARTA NIGHT Q3 2018 '''
Sesi ini akan mendiskusikan tentang : 
'''
Web Application by Design with OWASP''' 

Pembicara 
1. First Step to Web Application ISO27001 vs PCIDSS VS OWASP TOP 10 by Elias (Head of System Development Faspay) ([[Media:OWASPNightFaspay.pdf|PDF]]) 
2. Building a tailored AppSec Program using OpenSAMM by Suman Sourav & Tuyen Do 

'''Abstract: Building a tailored AppSec Program using OpenSAMM''' 
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices 
• Building a balanced software security program in well-defined iterations 
• Demonstrating concrete improvements to a security assurance program 
• Defining and measuring security-related activities within an organization 
 
This session is focused on the practical implementation of an AppSec Program based on your organization needs and business risk appetite. Most of the AppSec program fails because of lack of programmatic approach and strategic rollout. Participants will learn about an importance of a Security Program Management, how it solves people, process and technologies challenges in implementing an AppSec program, driving results and metrics relevant to the different stakeholders. 

Speaker Bio:
 
Suman is a Certified Secure Software Lifecycle Professional (CSSLP) having more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds a unified approach to deal with the root cause of software security problems. Currently he is working with Vantage Point Security as a Regional Program Director for Vantage Point Security and helping clients in SEA region to implement application security program.
 
Tuyen is an experienced Security Programme Manager, highly strategic, analytical and performance driven professional with 7+ years of blended experience in managing strategic programs /initiatives within banking & financial, and information technology sectors. Dynamic, versatile, hands-on Program Leader who leads teams to design & implement successful projects/programs that align business objectives and deliver rapid results, within timelines, budgets, and as per specifications.
 

Catatan :
 
peserta tidak perlu membawa laptop acara ini free for everyone 

Acara ini akan diadakan pada: 27th September 2018 

From 18:00 pm - 22:00 pm 

[https://www.meetup.com/meetup-group-XxqLdaeY/events/254502146/?_xtd=gatlbWFpbF9jbGlja9oAJDM1ODIxOTk5LTZlNmYtNDA0Ny05ZDZlLThiYmYzNzQzNTgyZA&_af=event&_af_eid=254502146 REGISTER HERE]

venue : 
Faspay Working Space 
Jakarta Pusat 
'''OWASP Jakarta Night #2'''

When 
19:00 - 22:00 
Tue, Aug 7, 2018 

Where 
Venue: 
Marque at Cyber 2 Tower, 
Jl. H. R. Rasuna Said Blok X-5 Cyber 2 Tower 17th Floor, RT.7/RW.2, Kuningan Timur, Jakarta, Kota Jakarta Selatan, 12950, Indonesia 

[https://www.eventbrite.com/e/owasp-jakarta-night-2-tickets-48230657194 Registration in here] 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader , Ade Yoseman Putra 
19.15p.m - 19.30 p.m - Speech including Q & A OWASP Indonesia Co Chapter Leader by Suman Sourav 
19.30 p.m - 20.30 p.m - Speech including Q & A by David Holmes 
20.30 p.m - 21.30 p.m - Speech including Q & A by Harley Davidson Karel ([[Media:Owasp_Jakarta_Night_-2.pdf|PDF]]) 
21:30 p.m - 22.00 pm - photo together/networking session 

Topic:

'''Hybrid Cloud Security'''

Hybrid Cloud Security continues to be relevant topic. David Holmes ( Global Security Evangelist for F5 Networks) will detail F5’s experience assisting a Fortune 10 company overcome some of their security challenges in moving to a multi-cloud architecture. His presentation will also include a look at some new F5 technologies that secure and containerize application traffic.
 
Mr. Holmes is a 17-year veteran of F5 and has met with banking and finance, government, and private enterprise security teams all over the world so he usually has the measure of who is doing what and where. This is an excellent opportunity to pick his brain about architecture, industry trends, or any other security topic that is top of mind. 

More about David Holmes: 

Based in Asia Pacific, David Holmes is the Global Security Evangelist for F5 Networks. In this role, Holmes is spokesman, researcher and evangelist for F5’s threat intelligence division, with an emphasis on cryptography, distributed denial of service attacks, and the Internet of Things. He speaks at conferences such as RSA, InfoSec and Gartner Data Center.

Holmes authors white papers on security topics such as global cryptography trends and modern DDoS threat spectrum. He has also written for industry magazines such as the SCMagazine and Network World. These days,he writes regularly about vulnerabilities, technical solutions and the security industry for SecurityWeek.com and F5 Labs.

He joined F5 Networks in 2001, and, as a Principal Software Engineer, where he designed many of the system and core security features. Holmes has 20 years of experience in security and product engineering.

Prior to F5, Holmes was a Vice President of Engineering at Dvorak Development (in Boulder, CO) and a Senior Software Engineer (Security) at CyberSafe, Inc.

Holmes majored in Computer Science and Engineering Physics at the University of Colorado at Boulder. For public speaking, Holmes has a Competent Communicator award from Toastmasters International and other public speaking awards.
 

Many thanks to F5 for their sponsorship.
 

Harley Davidson Karel 

'''Topic : Static Analysis Security Testing (SAST) using open source
'''
 
Topic Extract : 

Find security issues on development stage using open source static analysis security testing (SAST), so that developer will be able to identify security issues on earlier stage of software development life cycle, rather than waiting for penetration testing stage. 

SAST demo will be conducted with command line interface usage, IDE integration, & Jenkins integration. The demo will scan and found security issues on several programming language such as Java, python, & ruby 

Bio: 

Harley Davidson Karel is working as Associate Application Security Consultant at Vantage Point Security Indonesia. He is EC-Council Certified and well trained in working in application security activities that help organisations to put security aspect in every stage of software development life cycle. He has been selected as a speaker for PyConMY 2018 Kuala Lumpur, PyConES 2018 Malaga Spain, GrillRB 2018 Wroclaw Poland.
 

 

'''OWASP Indonesia Q1 Meetup 2018'''

[[File:Owaspidq12018.jpeg|400px|center]]
==== Talks ====
 '''Reduce the Risk of a Data Breach with Open Source INTelligence (OSINT)''' 
by Ayodya (Security Engineer at Bukalapak) 
 '''Building Appsec Pipeline''' by Suman Sourav 
 '''OWASP Top 10 Mobile Application Vulnerability''' 
by Williams 

• Event Program: 
18.00p.m - 19.00p.m - Arrival Participant & Registration 
19:00 pm – 19:15 p.m - Speech by OWASP Indonesia Chapter Leader 
19.15p.m - 20.00 p.m - Speech including Q & A by Suman Sourav 
20.00 p.m - 20.45 p.m - Speech including Q & A by Ayodya 
20.45 p.m - 21.30 p.m - Speech including Q & A by william 
==== Speakers ====

'''Ayodya'''

[[File:Ayodya.jpg|200px]] 
1. Security Engineer at Bukalapak 
2. Master of Electrical Engineering (ICT Security) at University of Mercu Buana 
3. Founder Cyber Security Division at Computer Student Club of Jakarta State Polytechnic 

'''Williams'''

'''Suman Sourav'''
 Building Appsec Pipeline 

SOFTWARE SECURITY ASSURANCE & DEVSECOPS PROFESSIONAL - VANTAGE POINT SECURITY PTE. LTD SINGAPORE 

Suman has more than a decade experience in designing secure-SDLC programs and is passionate about integrating security into the development lifecycle. He is skilled beyond existing static analysis tools and code review techniques and shaping the way the industry secures code in a Continuous Deployment world. He has worked with various financial and non-financial institutions to implement software security life-cycle and has strong experience of creating an organizational framework to break silos security culture in the organization and builds an unified approach to deal with the root cause of software security problems. 

19:00 - 22:00 
Thursday, March 29, 2018 
Register :[closed] 
venue : 
[[File:Btpn.png|left]] 
Bank BTPN. Menara BTPN, 27 th floor - CBD Mega Kuningan Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950 

OWASP Jakarta Q4 2017 Meetup 
[[File:Owaspmeetupbtpn.jpg|400px|center]] 

19:00 - 22:00 
Tue, Nov 21, 2017 

BANK BTPN 
Menara BTPN - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 Jakarta 12950
 
OWASP Jakarta Q4 2017 Meetup 

Menara BTPN, 27 th floor - CBD Mega Kuningan 
Jl. Dr. Ide Anak Agung Gde Agung Kav. 5.5 – 5.6 
Jakarta 12950 
Theme : Application Security in Owasp top 10 2017 
When : 
at Q1 21th november 2017 
From 19:00 pm - 22:00 pm 

[https://www.eventbrite.com/e/owasp-jakarta-q4-2017-meetup-tickets-39109060252 CLOSED] 
==== Talks ====

* '''Secure coding practices with golang''' ([[Media:Owasp-171123063052.pdf|PDF]]) by sulhaedir (IT Security Spesialis at Tokopedia) 
* '''OWASP Risk Rating Management Project'''([[Media:Riskratingmanagement-170615172835.pdf |PDF]]) by M febri 

==== Speakers ====

'''sulhaedir'''

[[File:Sulhaedir.jpg|200px]]

Sulhaedir have 6 years experience in information security. he work as security specialist at TOKOPEDIA. he also Security research in nemosecurity 
 
'''M.Febri''' 

[[File:Febri.jpg|200px]] 

he work as Security Consultant at Visionet. 

Thanks for sponsor this meetup 
{{MemberLinks|link=https://www.btpn.com/ |logo=Bank_btpn.jpg }}

 
'''Workshop OWASP at "Sofware Freedom Day 2017"''' 
[[File:Sofware freedom day 2017.jpg|200px]] 

 workshop with KSL UBL "improving Security Attack and Defense with OWASP" 

when : Sat, September 16, 08:00 – 15:00 pm 
Auditorium Universitas Budi Luhur, Jl. Ciledug Raya No.126, RT.1/RW.2, Petukangan Utara, Pesanggrahan, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12260, Indonesia 
'''OWASP Indonesia Day 2017'''
[[File:Owaspdayid1.jpeg|center]]
 when Developers, startups, hackers will meet..
just visit us @ OWASP Indonesia Day 2017 
Yogyakarta, 09 th september 2017 
 https://www.owasp.org/index.php/OWASP_Indonesia_Day_2017 

if you interested sponsor our events just contact [mailto:ade.putra@owasp.org Ade Yoseman Putra] 

'''OWASP Jakarta Tech Day Meetup 2017'''
[[File:Owaspmeetup2.jpg|left|frameless]]
OWASP Jakarta succesfully host meetup on May 2017

with Theme: "How Secure Ecommerce"

Date: 14 May 2017 02 pm to 05 pm (GMT+7 Jakarta)

Venue: PTC Pulogadung Trade Centre Ballroom 2nd Floor

Jalan Raya Bekasi, RW.3, Rw. Terate, Cakung, Kota Jakarta Timur, DKI Jakarta 13920

Google Maps :

https://goo.gl/maps/gmZnSofLvEF2

==== Talks ====
* '''Turning Legal Website into DDoS Tool''' by Kalpin Erlangga (Indonesia Honeynet Project) ([[Media:IHP-OWASP-Kalpin-Presentation_-_Template-OWASP-Final.pdf|PDF]]) .
* '''The Art of phishing, and how to save yourself''' by Oliver Valentino (Security analyst [http://www.bukalapak.com BUKALAPAK]) ([[Media:OWASP_presentation_-Oliver_Valentino_-.pdf|PDF]]) 
* '''Trend Defacement On Indonesia E-Commerce Website''' by Achmad Syafaat (ID-SIRTII/CC) 
* '''Client Side Security And Testing Tools''' by David Cervigni ( [https://mindedsecurity.com/index.php/about-us/company Minded Security]) ([[Media:OWASP_presentation_jkt2017.pdf|PDF]])
* ''' Hacking as a Livestyle''' Matias Prasodjo(Dracos) ([[Media:Hacking_Live_Style_-_OWASP_Jakarta.pdf|PDF]]) 

==== Speakers ====
==== '''Kalpin Erlangga Silaen''' ====

[[File:Kelpin2.jpg]]

Kalpin Erlangga Silaen is a senior security consultant with experience more than 15 years in IT. He is a graduate of the Master of Computer in Faculty of Engineering and IT at Swiss German University. He was first winner as a team at Cyber Defense Competition, Ministry of Defense of Indonesia on 2013

(Jakarta) and 2014 (Surabaya). He has experience as security penetration tester for various industry such as telecommunication, banking, finance, and government for more than 7 years. His interests includes network and cloud security

'''Oliver Valentino'''

Oliver Valentino is a tech evangelist and security enthusiast. Currently work as a security analyst at [http://www.bukalapak.com bukalapak]. Got his bachelor degree from Universitas Advent Indonesia Bandung

'''David Cervigni'''

[[File:Dvd.jpg]]

David Cervigni is a Senior Security Consultant of the [https://mindedsecurity.com/index.php/about-us/company Minded Security] consultants team. He has a strong experience in collaborating closely with developer teams to securing SDLC and DevOps systems. His specialties include secure coding training, vulnerability assessment, manual and automated code review solutions, critical software design and compliance. His experience maturated mostly in the financial sector and in the biggest institutions across Swiss and UK markets. He holds a master's degree in computer science from the University of Camerino.

'''Achmad Syafaat'''

'''Matias Prasodjo'''

Matias Prasodjo is Vice Leader [https://dracos-linux.org/ DracOs Linux Team]. he is Subject Matter Expert Security and System at PT Lintas Teknologi Indonesia.

==Past Meetup==
OWASP Indonesia Meetup I 2017 on March 4 th, 2017 
See More [https://www.owasp.org/index.php/OWASP_Indonesia_Meetup_I_2017 OWASP Indonesia Meetup I 2017 on March 4 th, 2017]

=Bahasa=

OWASP Indonesia adalah sebuah salah satu cabang dari Yayasan OWASP di belahan dunia. Yayasan OWASP adalah terbuka dan organisasi non profit.Kami membuka kesempatan kepada orang indonesia untuk bergabung serta berkontribusi pada OWASP Indonesia (Jakarta) Chapter.

Apa Yang Bisa anda kontribusi kan pada Yayasan OWASP
===OWASP Indonesia Chapter===
1. Anda bisa menyediakan Tempat untuk Agenda kami 
2. Anda bisa menjadi Speaker & Trainer dalam setiap Event kami 
3. Anda bisa menjadi University Supporter Kami 
4. Anda bisa menjadi Donatur kami 
5. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) 

===OWASP Foundation===
1. Anda bisa menjadi Speaker & Trainer dalam setiap Event Yayasan OWASP di seluruh dunia 
2. Anda bisa menjadi Kontributor kami dengan submit projek (membuat tools, keamanan aplikasi, dsb) pada Yayasan OWASP Global 

how to register OWASP membership, berikut saya sudah jelaskan step by stepnya di [http://www.owasp.or.id/2017/01/owasp-membership.html web owasp.or.id]

==Berita==

Kami mencari volunteer untuk penerjemahan OWASP 2013 Top Ten dari Bahasa Inggris ke dalam Bahasa. Saat Ini sedang dalam pengerjaan / On Progress.
Silahkan bergabung dengan tim kami [https://www.owasp.org/index.php/OWASP_Top_10_2013_-_Bahasa_Indonesia tim penerjamah OWASP 2013 Top 10-Bahasa]

=Our Chapter Leadership=

{| class="wikitable"
|-
! scope="col" style="width: 20%; font: bold;" |''' Chapter Leadership Board Member Role'''
! scope="col" |Responsibilities
! scope="col" |Person(s)
|-
|Chapter Leader / Chairman
|The central point of contact for the Chapter and responsible to the OWASP Board. Serves as Chapter Leader and Chapter board chair.
|Ade Yoseman Putra

|-
|Sponsor Coordinator
|Serves as the primary liaison between the Chapter and all sponsors, and solicits sponsors for the Chapter meetings, happy hours, and other events.
|Hilman Aditya

|-
|Speaker and Special Event Coordinator
|Seeks and schedules speakers for monthly Chapter meetings and other events.
|Dewo Nur Satrio
|-

|Conference/Event/Meetup Coordinator
|Coordinates all of the efforts for the annual OWASP Indonesia Day, OWASP Jakarta Night & all OWASP Jakarta Events.
|Eka Syahfitri
|-
|PR/Marketing Coordinator/Designer Grafis
|Provides marketing of OWASP Indonesia Day and other Chapter events.
|Muhamad Iqbal Dewanto

|-
|Equipment Committee
|Equipment Committee for OWASP Meetup
|Bima

|-
|Volunteer
|Volunteer Lists
|Achmad Syafaat, Gumux Hijack, Ali Kaharu , Amanu

|-
|Finance
|The Chapter Leader is designated as primary person responsible for Chapter budget and Chapter expense approvals.
The previous Chapter Leader is designated as secondary approver, who also will approve any expenses submitted by the Chapter Leader.
|

|-
|Advisory Board Members
|Made up of previous Chapter leaders who provide mentoring, coaching, and assistance to the board and contribute to the Chapter’s success.
|

|}

<headertabs></headertabs>

GoogleSeasonOfDocs2019

2019-05-02T07:53:05Z

Yoseman:

GoogleSeasonOfDocs2019

2019-05-02T07:50:54Z

Yoseman:

= Overview =

OWASP is going to apply to participate in the inaugural [https://developers.google.com/season-of-docs/ Google Season of Docs]

The organization application is in and we are awaiting notification of acceptance into the program.

If you plan to be a mentor for 2019, please [https://docs.google.com/forms/d/e/1FAIpQLSe-JjGvaKKGWZOXxrorONhB8qN3mjPrB9ZVkcsntR73Cv_K7g/viewform Register Here]

= OWASP Project Documentation Requests =

'''Tips to get you started in no particular order:'''
'''* Read [https://developers.google.com/season-of-docs/docs/project-ideas Google Season of Docs Project Ideas]'''
'''* Read [https://developers.google.com/season-of-docs/terms/program-rules Program Rules]'''

==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

=== The API ===
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation.
Unfortunately is also not particularly well documented and we get many queries about it on the support groups.

Existing documentation includes:
* https://github.com/zaproxy/zaproxy/wiki/ApiDetails
* https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index

This project would:
# Explain the concepts behind the UI
# Explain how it can be used at a high level
# Detail all of the API calls

The documentation should be suitable for publishing as web pages and for printing on paper.

=== Zest ===
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools.
While it is tool independent it is heavily used by ZAP.

Existing documentation includes:
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Zest
* https://github.com/mozilla/zest/wiki

This project would:
# Explain the concepts behind the Zest
# Explain how to write Zest scripts
# Document the ZAP Desktop UI provided relating to Zest

The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.

==OWASP Juice Shop==
[[OWASP Juice Shop Project]] is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

==="Pwning OWASP Juice Shop" Companion Guide===

''[https://leanpub.com/juice-shop Pwning OWASP Juice Shop] is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under [https://creativecommons.org/licenses/by-nc-nd/4.0/ CC BY-NC-ND 4.0] and is available '''for free''' as work-in-progress in [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop HTML, PDF, Kindle and ePub format on GitBook]. The latest officially released edition is [https://leanpub.com/juice-shop available '''for free''' on LeanPub in PDF, Kindle and ePub format].''

[[File:PwningOWASPJuiceShop_Cover.jpg|link=https://leanpub.com/juice-shop|100px]]

''The book is divided into three parts:''
# ''Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)''
# ''Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)''
# ''Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)''

Primary focus points of this project could be:
# Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format ''(Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub '''and''' to be able to host it in HTML online-readable form)''
# Tackle the idea to [https://github.com/bkimminich/pwning-juice-shop/issues/21 generate a special "CTF Edition"] of the book from the same source content

This project could additionally:
* Add hints and solutions for currently undocumented challenges (marked with ''':wrench: **TODO**''')
* Extend the "Codebase 101" chapter with more details and examples for new contributors
* Review, curate and extend the other existing content

==OWASP-Securetea Tools Project==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows). The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium. . - https://github.com/OWASP/SecureTea-Project/blob/master/README.md 
This project would: 
1. Review, curate and extend the other existing content of [https://github.com/OWASP/SecureTea-Project/blob/master/README.md#target-user User Guide] and [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Developer Guide] 

2.Help to translate into many languages as you can do 
Example : [https://github.com/OWASP/SecureTea-Project/blob/master/doc/ja-JP/README.md Japanese Translate] 
3. As Content Writer we need your best ideas for improve The SecureTea Project Documentation. 
4. Help Our Programmer/Contributors to create their Documentation such as
Website content,wiki,user docs and developer docs, etc which not yet publish/completed. 
5. Camera, action . we actually not bollywood but we want create video related our project https://www.youtube.com/channel/UCGdl9tpc1qZYcM3WRRFRPPA 

== OWASP DefectDojo ==
OWASP DefectDojo is a popular open source vulnerability management tool and is used as the backbone for security programs. It is easy to get started with to work on! We welcome volunteers of all experience levels and are happy to provide mentoring.

The existing documentation is on [https://defectdojo.readthedocs.io/en/latest/ Read the Docs] and is created based on the [https://github.com/DefectDojo/Documentation DefectDojo documentation repo].

The project would:
* Review and update the current documentation based on the latest release in the master branch
* Update and expand documentation sections including
** Installation including the new Docker Compose and Kubernetes
** Liberal inclusion of screenshots or screencasts for various features of the web UI
** Integrations with various security tools
** workflows and other real-world use cases that DefectDojo solves
* Validate the documentation against the Python3 branch which will be the bases for the next major release of DefectDojo
* Translating the current documentation to languages other than English

GoogleSeasonOfDocs2019

2019-05-02T07:50:20Z

Yoseman:

= Overview =

OWASP is going to apply to participate in the inaugural [https://developers.google.com/season-of-docs/ Google Season of Docs]

The organization application is in and we are awaiting notification of acceptance into the program.

If you plan to be a mentor for 2019, please [https://docs.google.com/forms/d/e/1FAIpQLSe-JjGvaKKGWZOXxrorONhB8qN3mjPrB9ZVkcsntR73Cv_K7g/viewform Register Here]

= OWASP Project Documentation Requests =

'''Tips to get you started in no particular order:'''
'''* Read [https://developers.google.com/season-of-docs/docs/project-ideas Google Season of Docs Project Ideas]'''
'''* Read [https://developers.google.com/season-of-docs/terms/program-rules Program Rules]'''

==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

=== The API ===
ZAP has an extremely powerful API that allows you to do nearly everything that possible via the desktop interface. It is considered on of ZAPs strengths and is heavily used for automation.
Unfortunately is also not particularly well documented and we get many queries about it on the support groups.

Existing documentation includes:
* https://github.com/zaproxy/zaproxy/wiki/ApiDetails
* https://github.com/zaproxy/zaproxy/wiki/ApiGen_Index

This project would:
# Explain the concepts behind the UI
# Explain how it can be used at a high level
# Detail all of the API calls

The documentation should be suitable for publishing as web pages and for printing on paper.

=== Zest ===
Zest is an experimental specialized scripting language developed by the ZAP team and is intended to be used in web oriented security tools.
While it is tool independent it is heavily used by ZAP.

Existing documentation includes:
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Zest
* https://github.com/mozilla/zest/wiki

This project would:
# Explain the concepts behind the Zest
# Explain how to write Zest scripts
# Document the ZAP Desktop UI provided relating to Zest

The documentation should be suitable for publishing as web pages and ideally the parts relating to the ZAP Desktop UI should be able to be included within the UI as context sensitive help.

==OWASP Juice Shop==
[[OWASP Juice Shop Project]] is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

==="Pwning OWASP Juice Shop" Companion Guide===

''[https://leanpub.com/juice-shop Pwning OWASP Juice Shop] is the official companion guide for this project. It will give you a complete overview of the vulnerabilities found in the application including hints how to spot and exploit them. In the appendix you will even find complete step-by-step solutions to every challenge. The ebook is published under [https://creativecommons.org/licenses/by-nc-nd/4.0/ CC BY-NC-ND 4.0] and is available '''for free''' as work-in-progress in [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop HTML, PDF, Kindle and ePub format on GitBook]. The latest officially released edition is [https://leanpub.com/juice-shop available '''for free''' on LeanPub in PDF, Kindle and ePub format].''

[[File:PwningOWASPJuiceShop_Cover.jpg|link=https://leanpub.com/juice-shop|100px]]

''The book is divided into three parts:''
# ''Part I - Hacking preparations (helps you to get the application running and to set up optional hacking tools)''
# ''Part II - Challenge hunting (gives an overview of the vulnerabilities found in the OWASP Juice Shop including hints how to find and exploit them in the application)''
# ''Part III - Getting involved (shows up various ways to contribute to the OWASP Juice Shop open source project)''

Primary focus points of this project could be:
# Migrate the eBook from (legacy) GitBook format to either latest GitBook or another suitable format ''(Mandatory requirement is the ability to generate PDF/ePub/Mobi versions of the book for LeanPub '''and''' to be able to host it in HTML online-readable form)''
# Tackle the idea to [https://github.com/bkimminich/pwning-juice-shop/issues/21 generate a special "CTF Edition"] of the book from the same source content

This project could additionally:
* Add hints and solutions for currently undocumented challenges (marked with ''':wrench: **TODO**''')
* Extend the "Codebase 101" chapter with more details and examples for new contributors
* Review, curate and extend the other existing content

==OWASP-Securetea Tools Project==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows). The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium. . - https://github.com/OWASP/SecureTea-Project/blob/master/README.md 
This project would: 
1. Review, curate and extend the other existing content of [https://github.com/OWASP/SecureTea-Project/blob/master/README.md#target-user User Guide] and [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Developer Guide] 

2.Help to translate into many languages as you can do 
Example : [https://github.com/OWASP/SecureTea-Project/blob/master/doc/ja-JP/README.md Japanese Translate] 
3. As Content Writer we need your best ideas for improve The SecureTea Project Documentation. 
4. Help Our Programmer/Contributors to create their Documentation such as
Website content,wiki,user docs and developer docs, etc which not yet publish/completed. 
5. Camera, action . we actually not bollywod but we want create video related our project https://www.youtube.com/channel/UCGdl9tpc1qZYcM3WRRFRPPA 

== OWASP DefectDojo ==
OWASP DefectDojo is a popular open source vulnerability management tool and is used as the backbone for security programs. It is easy to get started with to work on! We welcome volunteers of all experience levels and are happy to provide mentoring.

The existing documentation is on [https://defectdojo.readthedocs.io/en/latest/ Read the Docs] and is created based on the [https://github.com/DefectDojo/Documentation DefectDojo documentation repo].

The project would:
* Review and update the current documentation based on the latest release in the master branch
* Update and expand documentation sections including
** Installation including the new Docker Compose and Kubernetes
** Liberal inclusion of screenshots or screencasts for various features of the web UI
** Integrations with various security tools
** workflows and other real-world use cases that DefectDojo solves
* Validate the documentation against the Python3 branch which will be the bases for the next major release of DefectDojo
* Translating the current documentation to languages other than English

Risk Assessment Framework

2019-05-02T02:47:07Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

=Home=
The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

==Project About==
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

=Roadmap=

https://github.com/OWASP/RiskAssessmentFramework/blob/master/readme.md




==Getting Involved==
 
Involvement in the development and promotion of his project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:46:37Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

=Home=
The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

=Roadmap=

https://github.com/OWASP/RiskAssessmentFramework/blob/master/readme.md




==Getting Involved==
 
Involvement in the development and promotion of his project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:46:07Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

=Roadmap=

https://github.com/OWASP/RiskAssessmentFramework/blob/master/readme.md




==Getting Involved==
 
Involvement in the development and promotion of his project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:45:13Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

==Roadmap==

As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Documentation Project Template
* Get other people to review the Documentation Project Template and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
 
Involvement in the development and promotion of his project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:44:16Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

==Roadmap==

As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Documentation Project Template
* Get other people to review the Documentation Project Template and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
 
Involvement in the development and promotion of Documentation Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:43:54Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

OWASP Risk Asessement Framework is guidance Sast Tools, Vapt tools and Risk Assesment tools.
Introduction to Problem: 
There are hundreds of SAST tools available for a penetration tester to use from and there
are frameworks to assess the risk of a security flaw. But in the OWASP Risk Assessment to testers
have to manually input the the test results from each and every tool to get a relative
approximation. This makes the assessment part as a separate component from all other tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

==Roadmap==

As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Documentation Project Template
* Get other people to review the Documentation Project Template and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
 
Involvement in the development and promotion of Documentation Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:39:02Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / RAF ==

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.
features 
Web Deface Detection 
Scanning Tools based on OWASP Top 10 
Risk Assesment Tools 
Static Application security Testing 


==Description==

OWASP Risk Asessement Framework is guidance Sast Tools, Vapt tools and Risk Assesment tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

==Roadmap==

As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Documentation Project Template
* Get other people to review the Documentation Project Template and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
 
Involvement in the development and promotion of Documentation Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

Risk Assessment Framework

2019-05-02T02:36:43Z

Yoseman:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The OWASP Risk Asessement Framework is SAS(Source Code Analysis) and Risk Assesment tool.

=Project About=
https://github.com/OWASP/RiskAssessmentFramework


==OWASP Risk Assessment Framework Project / ORASFP ==

This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.


The OWASP Documentation Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.

==Description==

OWASP Risk Asessement Framework is guidance Sast Tools, Vapt tools and Risk Assesment tools.

==Licensing==

A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.


This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

==Roadmap==

As of November, 2013, the highest priorities for the next 6 months are:

* Complete the first draft of the Documentation Project Template
* Get other people to review the Documentation Project Template and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project


Subsequent Releases will add

* Internationalization Support
* Additional Unit Tests
* Automated Regression tests


==Getting Involved==
 
Involvement in the development and promotion of Documentation Project Template is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:
Contact me at ade.putra@owasp.org
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==

[https://github.com/OWASP/RiskAssessmentFramework
Installation Package] 
[https://github.com/OWASP/RiskAssessmentFramework Source Code]

== Project Leader ==
Ade Yoseman Putra

Rejah Rehim

== Related Projects ==

* [[OWASP Testing Guide v4 Table of Contents]]
* [[OWASP SonarQube Project]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Document]]
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[Image:Creative%20Commons.png| 90px | link=https://creativecommons.org/licenses/by-sa/3.0/| Creative Commons Attribution ShareAlike 3.0 License]]
|}
|}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Document]]

GSoC2019 Ideas

2019-04-29T05:18:45Z

Yoseman:

=OWASP Project Requests=

'''Tips to get you started in no particular order:'''
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''
'''* Read the [[GSoC SAT]] '''
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]
* Contact us through the mailing list or irc channel.
* Check our [https://github.com/OWASP github organization]

==OWASP-SKF==

=== Idea 1 Improving the Machine Learning chatbot: ===
We want to extend the functionality of SKF Bot. (Security Knowledge Framework Chatbot):

Some improvements or the suggestions which we can do to improve the functionality are:

1. Create a desktop version of the chatbot. Where people can install the setup file on their local machine.

2. Create a Plugin or website bot which we can add in the website for better chat experience for the user.

3. Extend the bots capability to do the google search (using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.

4. Add basic conversation flow which makes SKF Bot friendly and provides the better user experience. Example: Replies to the general queries like How are you? What is your Name etc?

5. Extend the bot capability to reply to what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.
# Extend the bot to different platforms like Facebook, telegram, slack, Google Assistant etc.
Existing chatbot implementation is on Gitter. You can test the bot by typing @skfchatbot on Gitter Community.

'''Getting started:'''

· Get familiar with the architecture and code base of SKF (Security Knowledge Framework)

· Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results

· Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services

'''Knowledge Prerequisites:'''

· Python 3+, Flask, Coffee Script

'''Mentors and Leaders'''

Glenn ten Cate (Mentor, Project leader)

Riccardo ten Cate (Mentor, Project leader)

Priyanka Jain (Mentor)

=== Idea 2 Improving and building Lab challenges and write-ups: ===
Build lab examples and write-ups (how to test) for different vulnerabilities over different technology stacks. These challenges are to be delivered in Docker so they can be

easily deployed.

In the current situation the security knowledge framework ultimately presents a list of security controls with correlating knowledge base items that contain a description and

a solution. The new labs are used to give the software developers or application security specialists a more in depth understanding and approach on how to test the

vulnerabilities in their own code.
* For example we have now around 20 lab challenges in Docker container build in Python:
** A Local File Inclusion Docker app example:
*** https://github.com/blabla1337/skf-labs/tree/master/LFI
** A write-up example:
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection
The images that are pushed to the Github repository are already automatically build and pushed to a docker registry where the SKF users can easily pull the images from to get their

labs running. Of course they can download it and build it themselves from source by pulling the original repository.

=== Idea 3 Addition of exploitation framework + labs + challenges and write ups ===
The proposal for SKF (Security Knowledge Framework) involves addition of “Exploit Development Framework” , the idea revolves around how does one start with Linux exploit development from basic string format attacks to advance buffer overflows.

The idea is to develop an addition (framework) which intergrates SKF, that now gives you an hands on experience for writing exploit code deployed over various containers with the help of dockers for easy and instant deployment.

The framework will involve a browser based environmental (shell) and inbuilt chat utility that will be guiding you on how to go from an absolute beginner with gdb basics to all the way to how to bypass various protections like ASLR/NX/Canaries on Linux environment.

Each challenge will have a dedicated container to easily maintain various challenges, also it will give you an option to connect to binary running on a particular port if you want to access it via your own machine, and also the source to the vulnerable code. This idea gives user a flexibility to experiment with the idea and even automate the attacks in python via socket programs or user intermediate framework like pwntools.

The whole idea of challenges isn’t limited to stack based buffer overflows, but includes various challenges like format string attacks, double frees, heap overflows and privilege escalations.

Total number will be deploying 20 challenges, the whole idea isn’t limited to exploit development but also to try out some very advance exploitation techniques like blind ROPs and lots of experimentation.

The whole add on also comes with a dedicated document with very well written ways to exploit challenges in various flavours like manual, automated, advanced.

Upon completion of labs and write ups the NLP model can be trained now to know not just web, but also all about various languages like C / C++ coding best practices and risk involved with calls like free (); puts(); and not just only tell the theory on why is it bad but also train you and guide you why it is bad and how you can write an exploit from a vulnerable code.

Upon completion of labs with ASLR turned off on (non ASLR) stages they can be turned on and lead to ROP with ASLR and even more challenging questions.

'''Mentors and Leaders'''

Glenn ten Cate (Mentor, Project leader)

Riccardo ten Cate (Mentor, Project leader)

Priyanka Jain (Mentor, SKF Contributor)

== OWASP DefectDojo ==
OWASP DefectDojo is a popular open source vulnerability management tool and is used as the backbone for security programs. It is easy to get started with to work on! We welcome volunteers of all experience levels and are happy to provide mentorship.

'''Issue Tracking:'''

Enhancement [https://github.com/DefectDojo/django-DefectDojo/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement requests] and [https://github.com/DefectDojo/django-DefectDojo/issues?q=is%3Aissue+is%3Aopen+label%3Abug bugfixes] are located in Github issues. This project could implement a whole bunch of new features one by one and release them over the course of several small releases.

'''Expected Results:'''
* 5 or more new features or functional enhancements of significant scope for OWASP DefectDojo
* Each feature comes with full functional unit and integration tests
'''Getting started:'''
* Get familiar with the architecture and code base of the application built on Django
* Review the application functionality and familiarize yourself with Products, Engagements, Tests and Findings.
* Get familiar with the CI/CD process based on Travis-CI
'''Knowledge Prerequisites:'''
* Python, Django, Javascript, Unit/Integration testing.
'''Potential Mentors:'''
* [[Mailto:aaron.weaver2+gsoc@gmail.com|Aaron Weaver]] - DefectDojo Project Leader
* [[Mailto:greg.anderson@owasp.org|Greg Anderson]] - DefectDojo Project Leader
* [[Mailto:matt.tesauro@owasp.org|Matt Tesauro]] - DefectDojo Project Leader
'''Option 1: Unit Tests - Difficulty: Easy'''
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.
* The project needs additional unit tests to ensure that new code functions properly.
* Review the current [https://github.com/DefectDojo/django-DefectDojo/tree/dev/dojo/unittests unit tests]
* Complete Code Coverage Testing
** Validate Tests exist for the following (create any that are missing):
*** Finding, Test, Engagement, Reports, Endpoints
*** Import from all scanners
'''Option 2: Python3 Completion'''
* DefectDojo is finishing up a migration to Python3
Test the current [https://github.com/DefectDojo/django-DefectDojo/tree/python3/dojo/unittests state] of Python3
* Ensure all features work
* Travis testing works correctly
'''Option 3: Scan 2.0 / Launch Containers'''

Scan 2.0 consists of automating the scanning orchestration within DefectDojo. Several proof of concepts exist for this using the AppSecpPipeline to launch containers and then push those finding into the appropriate product.
* Use the [https://github.com/appsecpipeline/AppSecPipeline-Specification AppSecPipeline] containers to build a scanning pipeline built on top of [https://www.openfaas.com/ OpenFaaS]
* Scans should be able to be scheduled by DefectDojo and then invoked via the REST API call to OpenFaaS
* Upon scan completion the results will be posted back to DefectDojo via DefectDojo's REST API and consumed as an engagement/test.
* Pick 2 or 3 popular open source scanners such as NMAP, ZAP and Nikto to start out with.

== OHP (OWASP Honeypot) ==

[[OWASP_Python_Honeypot|OWASP Honeypot]] is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.

=== Getting Start ===

It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to adding more modules and optimize the core.

=== Technologies ===

Currently we are using

* Docker
* Python
* MongoDB
* TShark
* Flask
* ChartJS
* And more linux services

=== Expected Results ===

* Zero Bugs: Currently we may have several bugs in different conditions, and it's best to test the all functions and fix them
* Monitoring: Right now monitoring limited to the connections (send&recieve) and it's best to store and analysis the contents for farther investigations and recognizing incoming attacks.
* Duplicated codes: codes are complicated and duplicated in engine, should be fixed/clean up
* New modules: add some creative ICS/Network/Web modules andvulnerable web applications, services and stuff
* API: update API sync to all features
* WebUI: Demonstrate and add API on WebUI and Live version with all features
* WebUI Special Reports: Track the attacks more creative and provide high risk IPs
* Database: Better database structure, faster and use queue
* Data analysis: Analysis stored data and attack signatures
* OWASP Top 10: Preparing useful processed/raw data for OWASP top 10 project

=== Students Requirements ===

* Python
* Packet Analysis & Tshark & Libpcap
* Docker
* Database
* Web Development Skills
* Honeypot and Deception knowledge

=== Mentors and Leaders ===

* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)
* [mailto:ehsan@nezami.me Ehsan Nezami] (Mentor & Project Leader)
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)

== OWASP Juice Shop ==

[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and Angular. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the potential mentors (@bkimminich, @J12934 and @CaptainFreak) there if you like!

To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''

=== Feature Pack 2019 ===

'''Brief Explanation:'''

Ideas for potential new functionality and "business" features are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Afeature GitHub issues labeled "feature"]. This project could implement a whole bunch of new features one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.

''Coming up with good additional ideas for features and new functionality in the proposal could make the difference between being selected or declined as a student for this project!''

'''Expected Results:'''
* 5 or more new features or functional enhancements of significant scope for OWASP Juice Shop (not necessarily including corresponding challenges)
* Each feature comes with full functional unit and integration tests
* Extending the functional walk-through chapter of the "Pwning OWASP Juice Shop" ebook
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.

''' Getting started: '''
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, security knowledge is optional.

'''Potential Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator
* Shoeb Patel - OWASP Juice Shop Contributor (and former GSoC 2018 Student)

=== Juice Shop Mobile ===

'''Brief Explanation:'''

A complete mobile client for Juice-Shop API which will serve a legit mobile experience for Juice-Shop user as well as a plethora of Mobile app vulnerabilities and challenges around them to solve. Should in the best case translate the idea of Juice Shop's hacking challenges with a score board and success notifications into the mobile world.

''Coming up with a sophisticated proposal (optimally even with a good initial sample implementation) could make the difference between being selected or declined as a student for this project!''

''' Getting started '''
* Get familiar with the architecture and code base of the application's RESTful backend
* Get familiar with Native App developement
* Get familiar with Mobile vulnerabilities

'''Expected Results:'''
* A mobile App with consistent UI/UX for Juice-Shop with standard client side vulnerabilities.
* Sufficient initial release quality (en par with Juice Shop and Juice Shop CTF) to make it an official extension project hosted in its own GitHub repository ''bkimminich/juice-shop-mobile''
* Code follows existing styleguides and applies similar quality gates regarding code smells, test coverage etc. as the main project.

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) React Native and NodeJS/Express, some Mobile security knowledge would be preferable.

'''Potential Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator
* Shoeb Patel - OWASP Juice Shop Contributor (and former GSoC 2018 Student)

=== Challenge Pack 2019 ===

'''Brief Explanation:'''

Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.

''Coming up with good additional ideas for challenges in the proposal could make the difference between being selected or declined as a student for this project!''

'''Expected Results:'''
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges)
* Each challenge comes with full functional unit and integration tests
* Each challenge is verified to be exploitable by corresponding end-to-end tests
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.

''' Getting started: '''
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.

'''Potential Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator
* Shoeb Patel - OWASP Juice Shop Contributor (and former GSoC 2018 Student)

=== Your idea ===

'''Brief Explanation:'''

You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!

''' Getting started '''
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]

'''Expected Results:'''
* A new feature that makes OWASP Juice Shop even better
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.

'''Knowledge Prerequisites:'''
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.

'''Mentors:'''
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader

==OWASP-Securetea Tools Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.
. -
https://github.com/OWASP/SecureTea-Project/blob/master/README.md

===Brief Explanation===
We are looking any awesome idea to improve Securetea Project that is not on this list? We are expecting make this project will be useful to everyone to secure their Small IoT.

===Idea===
Below roadmap and expect results you can choose to improve Securetea Project .
if any bugs please help to fix it

===Roadmap===
See Our Roadmap 
https://github.com/OWASP/SecureTea-Project#roadmap 

===Expect Results ===
 
Securetea Protection /firewall 
Securetea Antivirus 
Notify by Whatsapp 
Notify by SMS Alerts 
Notify by Line 
Notify by Telegram 
Intelligent Log Monitoring include Web Deface Detection 
Detection of malicious devices 
Login History 
=== Students Requirements ===

* Python
* Javascript
* Angular and NodeJS/Express
* Database
* Linux

=== Mentors ===

* [mailto:ade.putra@owasp.org Ade Yoseman Putra] - (OWASP Securetea Project Leader) 
* [mailto:rejah.rehim@owasp.org Rejah Rehim.A.A]]- (OWASP Securetea Project Leader)
 

==OWASP OWTF==
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.

=== OWASP OWTF - Passive Online scanner improvements ===
'''Brief Explanation'''

OWTF allows many passive tests, such as those using third party websites like Google, Bing, etc. searches, as well as handy "Search for vulnerability" search boxes (i.e. Fingerprinting plugin). This feature involves the creation of a '''script''' that produces an interactive OWTF report with the intention of hosting it in the github.io site. The idea here is to have a passive, JavaScript-only interactive report available on the owtf.github.io site, so that people can try OWTF '''without installing anything''', simply visiting a URL.

This would be a normal OWTF interactive report where the user can:
* Enter a target
* Try passive plugins (only the parts that use no tools)
* Play with boilerplate templates from the OWTF interactive report
An old version of the passive online scanner is hosted at https://owtf.github.io/online-passive-scanner.

'''LEGAL CLARIFICATION (Just in case!)''': The passive online scanner, simply makes OWTF passive testing '''through third party websites''' more accessible to anybody, however it is the user that must 1) click the link manually + 2) do something bad with that afterwards + 3) doing 1 + 2 WITHOUT permission :). Therefore this passive online scanner does not do anything illegal [http://www.slideshare.net/abrahamaranguren/legal-and-efficient-web-app-testing-without-permission More information about why this is not illegal here] (recommended reading!)

For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF

'''Expected results:'''
* '''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code]/ES6 JavaScript code in all modified code and surrounding areas.'''
* High performance
* Reliability
* Ease of use
* Test cases
* Good documentation

'''Knowledge Prerequisite:'''

A good knowledge of JavaScript and writing ES6 compliant React/TypeScript is needed. Previous exposure to security concepts and penetration testing is not required but recommended and some lack of this can be compensated with pre-GSoC involvement and will to learn.

'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia]

===OWASP OWTF - MiTM proxy interception and replay capabilities===
'''Brief Explanation:'''

The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).

The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible
*ability to intercept the transactions
*modify or replay transaction on the fly
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code
Bonus:
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)

*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)
*Create a browser instance and do the necessary login procedure
*Handle the browser for the URI
*When called to close the browser, do a clean logout and kill the browser instance.
'''Expected results:'''
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''
*CRITICAL: Excellent reliability
*Good performance
*Unit tests / Functional tests
*Good documentation
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.

'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders
===OWASP OWTF - Web interface enhancements===
'''Brief explanation:'''

The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.

For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF

'''Expected results:'''
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''
*'''CRITICAL''': Excellent reliability and performance.
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.

'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders
===OWASP OWTF - New plugin architecture===
'''Brief explanation:'''

The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.

This issue is documented in detail at https://github.com/owtf/owtf/issues/905.

For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF

'''Expected results:'''
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''
*CRITICAL: Excellent reliability
*Good performance
*Unit tests / Functional tests
*Good documentation

== OWASP iGoat ==
'''Idea 1:''' Completing OWASP iGoat documentation at https://docs.igoatapp.com/ and creating demo videos at for OWASP iGoat YouTube channel for learning purpose.

'''Idea 2:''' Adding new challenge pack / CTF for iGoat. It should be one point solution for learning iOS app security

== OWASP Seraphimdroid ==
[[OWASP SeraphimDroid Project|OWASP Seraphimdroid]] is Android security and privacy app, with features to enhance user's knowledge about security and privacy on his/her mobile device. If you are interested in this project and working on it during Google Summer of Code, please contact [[User:Nikola Milosevic|Nikola Milosevic]] and express your interest.

=== Idea 1: Anomaly detection of device state ===
The idea is that certain features of a device would be constantly monitored (battery use, internet usage, opp calls, etc.). Initially, the usual behaviour of the device would be learned. Later, anomalies normal behavior would be reported to the user. This should involve some explanations, such as which applications are causing an anomaly the device behaviors

=== Idea 2: On device machine learning of maliciousness of an app ===
Tensor-flow for on-device processing and some other libraries have been released that enable machine learning. We have previously applied a system, that based on permissions, is able to distinguish malicious apps from non-malicious. Now, we would like to learn also from other outputs and things one can monitor about application whether it can be malicious.

=== Idea 3: Enhansing privacy features ===
The vision of Seraphimdroid is to be aware of privacy threats. This may be achieved throug knowing which applications are using user accounts or other information that uthe user has on phone to send to the server, or just by knowing which applications may be doing it. Knowledgebase shouldbbeextending with the suggestions on how to improve privacy. Also, automated settings of various apps to use encryption should be proposed.
==OWASP ZAP==
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.

=== Active Scanning WebSockets ===
: '''Brief Explanation:'''
: ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesn't currently support active scanning (automated attacking) of websocket traffic (messages).
: We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.
: This project will be a continuation of the work that was started as part of last year's GSoC.
: '''Expected Results:'''
:* An pluggable infrastructure that allows us to active scan websockets
:* Converting the relevant existing scan rules to work with websockets
:* Implementing new websocket specific scan rules
: '''Getting Started:'''
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding' section.
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].
: '''Knowledge Prerequisites:'''
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
: '''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team

=== Automated Authentication Detection and Configuration ===
: '''Brief Explanation:'''
: Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki>
: This is time consuming and error prone.
: Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.
: This project will be a continuation of the work that was started as part of last year's GSoC.
: '''Expected Results:'''
:* Detect login and registration pages
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible
: '''Getting Started:'''
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding' section.
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].
: '''Knowledge Prerequisites:'''
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.
: '''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team
:

== IoT Goat ==
IoT Goat will be a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the [https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf IoT Top 10 2018].

===Idea 1: Insecure firmware web application ecosystem===
'''Brief Explanation:'''

A vulnerable web application, and backend API/web services deployed in OpenWrt containing critical vulnerabilities showcasing the traditional IoT problems.

''' Getting started '''
* Have a look at the getting started page to get familiar with virtualizing OpenWrt: https://github.com/scriptingxss/IoTGoat/blob/master/BuildEnvironment.md
* Create a GitHub account to be a collaborator to the repository
* Review the example vulnerabilities and challenges: https://github.com/scriptingxss/IoTGoat/blob/master/Examples/Weak%2C%20Guessable%2C%20or%20Hardcoded%20Passwords.md[https://github.com/scriptingxss/IoTGoat/blob/master/challenges/challenges.md hand ttps://github.com/scriptingxss/IoTGoat/blob/master/challenges/challenges.md]

'''Expected Results:'''

Development of a simple web application user interface with web services and API's deployed locally on the OpenWrt firmware. Documented challenges of how to discover and remediate web software security vulnerabilities. The insecure web application services must contain the following vulnerabilities to be used with the IoT testing guide:
* Command injection
* SQL injection
* Local file inclusion
* XXE injection,Insufficient Authentication
* Transfer sensitive data using insecure channels
* Store sensitive data insecurely
Vulnerable SOAP web services and REST API implementations are in-scope.

'''Knowledge Prerequisites:'''
* Working Linux knowledge
* Embedded and/or web development (nice to have)
** Web application code can be developed using the following common embedded programming languages:
*** Lua
*** PHP
*** C/C++
*** JavaScript

===Idea 2: Insecure network services===
'''Brief Explanation:'''

Deliberately insecure services configured within OpenWrt such as an miniupnp daemon configured with secure_mode off (Secure mode; client can only redirect an incoming port to the client itself (same IP as the request comes from), to demonstrate a port mapping attack where an attacker from inside the network exposes a service that typically should be behind a LAN to the internet).

''' Getting started '''
* Have a look at the getting started page to get familiar with virtualizing OpenWrt: https://github.com/scriptingxss/IoTGoat#-getting-started-
* Create a GitHub account to be added as a collaborator to the repository
* Review the example vulnerabilities and challenges: https://github.com/scriptingxss/IoTGoat/blob/master/challenges/challenges.md

'''Expected Results:'''

Documented challenges of how to discover and remediate insecure network service vulnerabilities. The network services can be inherently insecure or have insecure configurations that can be abused during the challenges.
* Example of network insecure services include:
** FTP
** Telnet
** miniupnpd
** HTTP
'''Knowledge Prerequisites:'''
* Working Linux knowledge
* Network security

===Idea 3: Insecure firmware build system===
'''Brief Explanation:'''

Develop custom firmware builds of the latest OpenWrt version (18.06) demonstrating the process of incorporating debug services/tools, misconfigurations, and usage of vulnerable software packages.

''' Getting started '''
* Review OpenWrt's developer guide to get familiar with creating custom firmware builds
** https://openwrt.org/docs/guide-developer/start
** https://openwrt.org/docs/guide-developer/build-system/install-buildsystem
** https://github.com/openwrt/openwrt

'''Expected Results:'''
* Provide walkthrough examples of insecure design choices for building firmware.
* Provide suggested mitigation security controls

'''Knowledge Prerequisites:'''
* Working Linux knowledge
* Embedded development (C/C++)

===Suggest your own ideas===
You may suggest additional challenges or ideas that fit this project's objectives.

=== Mentors and Leaders ===
* Aaron Guzman - OWASP IoT Goat Contributor (Project leader of the IoT and Embedded AppSec project)
* Fotios Chantzis - OWASP IoT Goat Contributor (and former GSoC Student/GSoc Mentor)
* [[User:Calderpwn|Paulino Calderon]] - OWASP IoT Goat Contributor (and former GSoC 2011 Student/GSoc Mentor in 2015 and 2017)

==OWASP Web Honeypot Project ==

The goal of the OWASP Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks. Within this project, Anglia Ruskin University is leading the collection, storage and analysis of threat intelligence data.

https://www.owasp.org/index.php/OWASP_Honeypot_Project

https://github.com/OWASP/Honeypot-Project/

===Brief Explanation===
The purpose of this part of the project is to capture intelligence on attacker activity against web applications and utilise this intelligence as ways to protect software against attacks. Honeypots are an established industry technique to provide a realistic target to entice a criminal, whilst encouraging them to divulge the tools and techniques they use during an attack. Like bees to a honeypot. These honeypots are safely designed to contain no information of monetary use to an attacker, and hence provide no risk to the businesses implementing them. 

The project will create honeypots that the community can distribute within their own networks. With enough honeypots globally distributed, we will be in a position to aggregate attack techniques to better understand and protect against the techniques used by attackers. With this information, we will be in a position to create educational information, such as rules and strategies, that application writers can use to ensure that any detected bugs and vulnerabilities are closed. 

===Idea===
Project progression:
* Honeypot software. The honeypot software that is to be provided to the community to place in their networks has been written. Honeypots are available in a variety of forms, to make deployment as flexible as possible and appeal to a diverse a user set as possible.
* Collection software. The centralised collection software has been written and evaluated in a student driven proof-of-concept project. Honeypots have been attacked in a laboratory situation and have reported both the steps taken by the attacker and what they have attacked, back to the collection software.
* Rollout to the Community. The project now needs a dedicated infrastructure platform in place that is available to the entire community to start collecting intelligence back from community deployed honeypots. This infrastructure will run the collector software, analysis programmes and provide a portal for communicating our finds and recommendations back to the community in a meaningful manner.
* Going Forward. Toolkits and skills used by attackers do not stand still. As existing bugs are plugged, others open. Follow up stages for the project will be to create a messaging system to automatically update the community on findings of significant risk in their existing code that requires attention.

===Expect Results ===

Some of the ideas from last year's summit

* Setup Proof of Concept to understand how Mod Security baed Honeypot/Probe interacts with a receiving console (develop a VM and/or Docker based test solution to store logs from multiple probes).
* Evaluate console options to visualise threat data received from ModSecurity Honeypots/probes in MosSecurity Audit Console, WAF-FLE, Fluent and bespoke scripts for single and multiple probes.
* Develop a mechanism to convert from stored MySQL to JSON format.
* Provide a mechanism to convert ModSecurity mlogc audit log output into JSON format.
* Provide a mechanism to convert mlogc audit log output directly into ELK (ElasticSearch/Logstash/Kibana) to visualise the data.
* Provide a mechanism to forward honest output into threat intelligence format such as STIX using something like the MISP project(https://www.misp-project.org) to share Threat data coming from the Honeypots making it easy to export/import data from formats such as STIX and TAXII., may require use of concurrent logs in a format that MISP can deal with.
* Consider new alternatives for log transfer including the use of MLOGC-NG or other possible approaches.
* Develop a new VM based honeypot/robe based on CRS v3.0.
* Develop new alternative small footprint honeypot/probe formats utilising Docker & Raspberry Pi.
* Develop machine learning approach to automatically be able to update the rule set being used by the probe based on cyber threat intelligence received.

=== Students Requirements ===

Some of the skills we are looking for:

* Apache/Tomcat
* Any experience of MISP
* MySQL & JSON
* ELK
* STIX/TAXII
* Python
* ModSecurity/mlogc
* OWASP Core RuleSet (CRS)
* Linux
* VM/Docker

=== Mentors ===

* [mailto:adrian.winckles@owasp.org Adrian Winckles] - (OWASP Web Honeypot Project Leader) 

===Suggest your own ideas===

You may suggest additional challenges or ideas that fit this project's objectives.

==OWASP Risk Assessment Framework ==
Tool projects aim to assessment more than one or many web application using owasp risk rating mathodologies.

https://github.com/OWASP/RiskAssessmentFramework

'''Idea 1:''' make dashboard with database and can assess many website based owasp risk rating mathodologies, create graph and report in pdf,word & excel format. 
Ideas 2 : Static Application Security Testing.
=== Students Requirements ===

* Python
* Java
* Javascript
* Angular and NodeJS/Express
* Database
* Linux

=== Mentors ===

* [mailto:ade.putra@owasp.org Ade Yoseman Putra] - (Mentor) 
* [mailto:rejah.rehim@owasp.org Rejah Rehim.A.A]- (Mentor)
* [mailto:azzeddine.ramrami@owasp.org Azzeddine Ramrami ]- (Mentor)

OWASP SecureTea Project

2019-04-24T06:46:56Z

Yoseman: /* Project Resources */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker] 
Presentation ([[Media:OWASPSecuretea2017.pdf|Old PDF-2017]])

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T06:46:08Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker] 
Slide ([[Media:OWASPSecuretea2017.pdf|Old PDF-2017]])

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T04:33:20Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker] 
Presentation ([[Media:OWASPSecuretea2017.pdf|Old PDF-2017]])

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T04:33:00Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]
Presentation ([[Media:OWASPSecuretea2017.pdf|Old PDF-2017]])

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T04:20:54Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [30 Mei 2018] Present at [https://owaspsendai.connpass.com/event/88720/ OWASP Sendai Chapter Meeting]
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:58:35Z

Yoseman: /* News and Events */

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Stable Release is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:53:59Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Release candidate is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=


Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:53:29Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Release candidate is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



Detail around this project can be found at: https://github.com/OWASP/SecureTea-Project

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:49:15Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Release candidate is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide] & List Integration [https://github.com/OWASP/SecureTea-Project/blob/master/doc/Integration_list/List_integration.md here]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{:Projects/OWASP_SecureTea_Project | Project About}}

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:43:12Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Release candidate is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop/server.
* Roadmap Can see more at [https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md Dev Guide]
==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{:Projects/OWASP_SecureTea_Project | Project About}}

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:27:32Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] V1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] V1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] V1.1 Release candidate is available for [https://github.com/OWASP/SecureTea-Project/releases/tag/V1.1 download].
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{:Projects/OWASP_SecureTea_Project | Project About}}

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T03:18:33Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] 1.1 Release candidate is available for download.
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{:Projects/OWASP_SecureTea_Project | Project About}}

<nowiki>}} </nowiki>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

Projects/OWASP SecureTea Project

2019-04-24T03:16:47Z

Yoseman:

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
| project_name =OWASP SecureTea Tool Project
| project_description = The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.
| leader_name1 = Ade Yoseman Putra
| leader_email1 = ade.putra@owasp.org
| leader_username1 = Yoseman

| contributor_name2 = Rejah Rehim
| contributor_email2 =
| contributor_username2 = Rejah_Rehim.A.A

| contributor_name3 = Bambang Rahmadi K.P
| contributor_email3 =
| contributor_username3 = Idbmb

| mailing_list_name =
|project_license=OWASP SecureTea Project is free to use, released under the MIT License.}}

Projects/OWASP SecureTea Project

2019-04-24T03:11:06Z

Yoseman: Created page with "{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude> | project_name =OWASP SecureTea Tool Project | project_description = The OWASP SecureTea Proj..."

{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
| project_name =OWASP SecureTea Tool Project
| project_description = The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.
| leader_name1 = Ade Yoseman Putra,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free to use, released under the MIT License.}}

OWASP SecureTea Project

2019-04-24T03:00:04Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] 1.1 Release candidate is available for download.
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description = The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.
| leader_name1 = Ade Yoseman Putra,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free to use, released under the MIT License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:57:48Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
* [24 April 2019] 1.1 Release candidate is available for download.
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description = OWASP SecureTea Tool Project

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Ade Yoseman Putra,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free to use, released under the MIT License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:54:56Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" |
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://t.me/joinchat/Az5yZxQg7Djs-UZWKKCRVQ SecureTea Project Group] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description = OWASP SecureTea Tool Project

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Ade Yoseman Putra,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free to use, released under the MIT License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:42:12Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=|MIT Lisence]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://telegram.dog/owaspid OWASP Indonesia] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description = OWASP SecureTea Tool Project

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Ade Yoseman P,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free software, released under the MIT License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:39:54Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}

==Licensing==
OWASP SecureTea Tool is free to use. It is licensed under the MIT license.

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=|MIT Lisence]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://telegram.dog/owaspid OWASP Indonesia] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description = OWASP SecureTea Tool Project

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Ade Yoseman P,Rejah Rehim,Bambang Rahmadi K.P
| leader_email1 = ade.putra@owasp.org,bmb.router@gmail.com
| leader_username1 = adeyoseman,rejahrehim,idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free software, released under the MIT License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:28:35Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}
==Licensing==
MIT License 

Copyright (c) 2017 SecureTea Project Team - http://owasp.or.id 

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
 
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
 
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
 

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://telegram.dog/owaspid OWASP Indonesia] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description =

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Bambang Rahmadi K.P
| leader_email1 = bmb.router@gmail.com
| leader_username1 = idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free software, released under the GNU GPL v3 License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]

OWASP SecureTea Project

2019-04-24T02:13:53Z

Yoseman:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
==OWASP SecureTea Tool Project ==
The OWASP SecureTea Project is an application designed to help secure a person's laptop or computer / server with IoT (Internet Of Things) and notify users (via various communication mechanisms), whenever someone accesses their computer / server. This application uses the touchpad/mouse/wireless mouse to determine activity and is developed in Python and tested on various machines (Linux, Mac & Windows).
The software is still under development, and will eventually have it's own IDS(Intrusion Detection System) / IPS(Instrusion Prevention System), firewall, anti-virus, intelligent log monitoring capabilities with web defacement detection, and support for much more communication medium.

==User Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/user_guide.md

==Developer Guide==
https://github.com/OWASP/SecureTea-Project/blob/master/doc/en-US/dev_guide.md

==Demo==
You can see what SecureTea Project is all about in the following video:
OWASP SecureTea Notify to telegram: {{#ev:youtube|zJegAtJOOc8}}
OWASP SecureTea Notify to twilio/sms: {{#ev:youtube|bYuq73KN9E8}}
==Licensing==
GNU GPL v3 License

This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Project Resources ==
[https://github.com/OWASP/SecureTea-Project/blob/master/README.md Installation Package]

[https://github.com/OWASP/SecureTea-Project Source Code]

[https://github.com/OWASP/SecureTea-Project/wiki Wiki Home Page]

[https://github.com/OWASP/SecureTea-Project/issues Issue Tracker]

== Project Leader ==
* [[Ade Yoseman Putra]]
* [[User:Rejah Rehim.A.A|Rejah Rehim.A.A]]
* [[User:Idbmb|Bambang Rahmadi K.P]]

== Video Creator ==
* [[Sunny Dhoke]]

== Contributors==
* [https://github.com/sananthu Ananthu S]

== Open Hub ==
https://www.openhub.net/p/734848

== Related Projects ==

* [[OWASP Cyber Defense Matrix]]

==Classifications==

{| width="200" cellpadding="2"
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]
|-
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
|}

| valign="top" style="padding-left:25px;width:200px;" |

== News and Events ==
* [20 Mar 2017] 1.0 Beta Release candidate is available for download. First release for trial period.
* [04 Feb 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
* [25 Jan 2018] Published in ToolsWatch.org, [http://www.toolswatch.org/2018/01/black-hat-arsenal-asia-2018-great-lineup/ Blackhat Arsenal Asia 2018 Great Lineup.]

* [22 Mar 2018] [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-securetea-tool-project-9669 Present at Blackhat Asia Singapore.]
* [10-12 July 2018] [http://2018.twcsa.org/speakers.html#spkr_0711_owasp_04 Present at OWASP AppSec Taiwan 2018] 
|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

= Acknowledgements =
==Contributors==

'''Everyone is invited to collaborate on this project.'''

The OWASP SecureTea Project is extremely grateful for all of our contributors both prior to becoming open source and after. A live update of project [https://github.com/idbmb/SecureTea/graphs/contributors contributors is found here].

= Road Map and Getting Involved =

== Road Map ==
* Gather existing presentations and pull ideas into OWASP.
* Review IoT and identify security issues handled by these application.
* Review PYTHON related literature (books, articles, ...)
* Document ways to secure computer/laptop.

==Getting Involved==
Involvement in the development and promotion of OWASP SecureTea Tool Project is actively encouraged!
You do not have to be a security expert or a programmer to contribute.
Some of the ways you can help are as follows:

===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
===Localization===
Are you fluent in another language? Can you help translate the text strings in the OWASP SecureTea Tool Project into that language?
===Testing===
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
===Feedback===
Please Join to Telegram Group [https://telegram.dog/owaspid OWASP Indonesia] for feedback about:
<ul>
<li>What do like?</li>
<li>What don't you like?</li>
<li>What features would you like to see prioritized on the roadmap?</li>
</ul>

=Project About=



{{Template:Project About
| project_name =OWASP SecureTea Tool Project
| project_description =

The OWASP SecureTea Project is a application designed to help Secure a person's laptop or computer with IoT (Internet Of Things) for notify users via twitter, whenever anyone accessing his laptop or computer. This application work using the touchpad / mouse / wireless mouse and developed in python. The purpose of this application is to warn the user (on twitter) whenever her laptop accessible. This small application was developed and tested in python in linux machine likely to be working well in the Raspberry Pi as well.
| leader_name1 = Bambang Rahmadi K.P
| leader_email1 = bmb.router@gmail.com
| leader_username1 = idbmb
| mailing_list_name =
|project_license=OWASP SecureTea Project is free software, released under the GNU GPL v3 License.}}

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Tool]]