OWASP Project Manager Activity Reports/April 18 2014

Project Manager: 2014 Objectives

OWASP PROJECTS

Primary Goal: Continue to evolve the OWASP Projects Infrastructure by developing operational systems that facilitate Leader participation and innovation.

Subgoal 1: Continue to work on the operational projects platform with the aim of developing it to be more self sufficient for Leaders.

• Recruit a Projects Support Intern.
• Bring all of the project repositories into Ohloh.
• Continue to develop the Project Portal for Leaders.
• Monitor and update the Project Page with relevant information on a weekly basis.
• Continue to produce weekly and quarterly information reports.
• Organize a monthly webinar about an OWASP Project.
• Produce more substantial software security/projects articles for our quarterly Connector.
• Migrate all of the Project wiki pages to the new template
• Facilitate project page compliance with new Sponsorship Guidelines.
• Facilitate project product compliance with new Sponsorship Guidelines
• Develop marketing and communications pieces that promote: Benefits of Having an OWASP Project; How to start a project; Project Lifecycle; and Review Process.
• Have one Project Leader meeting a month.
• Facilitate OWASP contributions to the Apple Developer Program.
• Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
• Start a task force of people with spare cycles that can help projects that need extra man-power of are falling behind in delivery of new releases (especially the flag ship projects)
• Ask project leaders to create & give project related training or contribute to the OWASP trainings.
• Push for establishment of completion dates for key tasks for select projects.

Subgoal 2: Bring more Project Leaders together in 2014.

• Work towards getting at least 2 projects represented at every Global AppSec Conference in 2014.
• Plan a Project Summit Event in 2014
• Work on developing Project Leader Workshop module that can be given when I am not present.

Subgoal 3: Solidify the Projects Review Process.

• Develop a pragmatic method of doing project reviews.
• Test the review process developed at the 2013 Summit
• Finish reviewing the projects that have specifically asked for review.
• Review the Flagship Projects.
• Review the Lab Projects.
• Review the Incubator Projects.
• Report on the findings and outcomes.
• Document the system so it can be reproduced. (This will probably be a long document/set of instructions and lessons learned).

Subgoal 4: Design a more sustainable revenue stream using the Project’s IP. (We will probably have to drop this subgoal due to the potential change in our project model this year.)

• In depth market research to determine niche opportunities.
• Come up with at least 4 different potential opportunities based on research.
• Develop an implementation plan.

OWASP Project Manager Weekly Reports

• Project Manager Report: February 21 2014
• Project Manager Report: February 28 2014
• Project Manager Report: March 07 2014
• Project Manager Report: March 14 2014
• Project Manager Report: March 21 2014 - No Report this week. PM was away at AppSec APAC 2014.
• Project Manager Report: March 28 2014
• Project Manager Report: April 04 2014
• Project Manager Report: April 11 2014
• Project Manager Report: April 18 2014

• OSS in Cambridge
  • We are having some issues getting projects to submit an application to participate in Open Source Showcase at AppSec EU 2014.
  • I have asked the community for support and advice on how to engage volunteers to participate in this event module.
  • We put together this blog post to announce the opportunity: OSS at AppSec EU
  • Adrian is helping us by spreading the word, and so are the rest of the team.
  • We hope to get some more submissions in the coming weeks.
  • We are also looking into event engagement activities with other Leaders, and we are currently pricing the add-ons.

• Project Summit 2014
  • I have been working with the AppSec EU team to organize the 2014 Project Summit.
  • We currently have 3 summit session proposals, but I need more.
  • We are also seeking 10K USD sponsorship for the summit.
  • I am working with Kelly to get this going, and we will be announcing the opportunity soon.

• Project Reviews
  • There will likely be some changes to the review process based on community and Board feedback.
  • I am currently working with several Leaders to design a system and project model that will better meet our needs.
  • Johanna is currently working on a pilot program for one part of this system.
  • I am working on consolidating community feedback to put together an end to end system design for us.

• Project Task Force
  • This week we started our OWASP Project task force group.
  • This group will focus on getting stuff done for our OWASP Projects.
  • There are quite a few tasks that we need to get sorted so please join in if you are interested in helping out.
  • Project Task Force Page
  • Google Group Page

• OWASP Project Template Migration
  • The template migration is still in progress.
  • The aim is to switch over every project's wiki content to the new design.
  • The new template design lets project leaders organize their project information in a more organized way.
  • Kait, our Projects Intern, is diligently working towards this goal.
  • She is helping leaders with template related questions, and she is helping them set up the template in case they need assistance.

• AppSec APAC 2014
  • I attended AppSec APAC 2014 in Tokyo, Japan some weeks ago where I helped Laura with the OWASP AppSec APAC 2014 global conference.
  • Laura and I were the only two staff members that attended the event.
  • The OWASP Japan chapter put on an amazing conference this year.
  • It was excellent to see the team work so efficiently to put on the event.
  • There were a few lessons learned, but overall it was an excellent experience.
  • I primarily helped run the merchandise store at the event, and I participated in the Women in AppSec panel.

• Women in AppSec: AppSec APAC 2014
  • The Women in AppSec program at AppSec APAC 2014 was absolutely excellent.
  • I have to thank the OWASP Japan team and especially Rio, Robert, and team for making the panel session such a success.
  • I am taking lessons learned from this session, and I am going to apply it to other conferences if they choose to run the program.
  • Our winner was Hiromi Tsuchiya, and our runner-up was Ikue Yamanishi.

• Graphic Design Update
  • The Ops team have recently hired a part-time graphic design contractor to help our community with its design needs.
  • I will be responsible for Hugo's workload and reviews.
  • We have put together our design menu of services, as well.
  • You can find the Design Menu here.
  • Here is the announcement: Graphic Design Services for OWASP

• Daily Project based queries and requests
  • This has not changed much since I began the post: questions are very similar in nature.
  • Global AppSec questions.
  • Funding queries.
  • Travel availability.
  • Project based administrative help.
  • Project status information.
  • Several project donation questions.
  • Marketing questions.
  • Grant funding questions.
  • OWASP social media updates.
  • What's happening with projects, questions.
  • Managing Salesforce cases.

General Awards

• OWASP OWTF Project: Brucon 5x5 Award

1. Amount: €5,000.00 (Approx. $6,670.00)
2. Status: Awarded. Congratulations, Abraham Aranguren and all involved in the project, for your award.

Proposals Awarded

• OWASP Guidebooks Proposal

1. Amount: $25,000 USD
2. Status: Awarded. The first payment has been allocated to our project budgets. The second invoice has now been sent to Georgia Tech and payment has been received.
3. OWASP Development Guide Plan
4. OWASP Testing Guide Plan
5. OWASP Code Review Guide Plan

• Google Grants Proposal

1. Amount: $120,000 USD in Adwords Funds
2. Status: Awarded.
3. Note: There is no link to show the proposal for this grant. There was a form that was submitted to Google, and we did not receive a record of this form.
4. Google Grants Usage Report

• Google Summer of Code

1. Amount: $5,500
2. Status: Awarded

• Projects breakdown:
  • 4 ZAP Projects: $2,000
  • 4 OWTF Projects: $2,000
  • 1 PHP Security Project: $500
  • 1 Hackademics Project: $500
  • 1 Modsecurity Project: $500
  • Travel Expenses: $1,896.38 (Reimbursement)
  • Note: Big thank you to Fabio Cerullo for coordinating and managing this award.

• OWASP AppSensor Grant Proposal

1. Amount: $15,000 USD
2. Status: Awarded.

• Total Funds Awarded: $172,170 USD for 2013.

Proposals Denied

• European Commission Grant Proposal

1. Amount: €250,000
2. Status: Denied.

• OWASP OpenSAMM Grant Proposal

1. Amount: $112,000 USD
2. Status: Denied

• OWASP ESAPI Grant Proposal

1. Amount: $25,000 USD
2. Status: Denied

• OWASP ModSecurity CRS Proposal

1. Amount: $30,000 USD
2. Status: Denied

• OWASP OWTF Grant Proposal

1. Amount: $55,800 USD
2. Status: Denied

Current Project Funds

• Chapter and Individual Project Funds
• Project Reboot 2012 Information
• Q1 2013: Funds Allocated to Projects
• Q2 2013: Funds Allocated to Projects
• Q3 2013: Funds Allocated to Projects
• Q4 2013: Funds Allocated to Projects

Webinar Opportunity for OWASP Project Leaders

We are still in need for Project Leaders to showcase their projects via our Webinar series. The webinars will be held every third (3) Wednesday of every month at 10am EST, unless noted otherwise. Below are the dates when each webinar will be held, and you can indicate the month if you are interested:

• April 24: Cam Morris
• May 21: Jonathan Carter
• June 18
• July 16
• August 20
• September 17
• October 15
• November 19
• December 17

Please reach out to Samantha Groves ([email protected]) if you are interested in giving a 45 minute webinar on your OWASP Project.

OWASP iGoat 2.1 Released

There is a new OWASP iGoat release available immediately for download. Details below:

Thanks to Google deprecating (read: killing off) the Downloads feature on Google Code, we've had to move the primary Downloads page over to Google Drive. It works fine, but is a little clunky, IMHO. Of course, you can always just download a ZIP of the current source tree. See the Downloads page (https://code.google.com/p/owasp-igoat/wiki/NewDownloads?tm=2) for instructions.

As always, the OWASP iGoat app is only distributed in source code as a self-contained Xcode project. To run it, you'll need Xcode (free from Apple). You can run it for free on the iPhone Simulator included with Xcode, or install it on your iOS device, but the latter requires you to register and pay (USD$99/year) to be an Apple iOS Developer.

OWASP ZAP 2.3.0

OWASP ZAP 2.3.0 is now available : http://code.google.com/p/zaproxy/wiki/Downloads?tm=2

There are a large number of changes in this release, so this post will just give a high level overview of some of the most significant changes: ZAP ‘lite’ version For this release we are providing a ‘lite’ version of ZAP in addition to the ‘full’ version. This contains exactly the same core code, but it just includes fewer default add-ons. Of course, you can download all of the ‘missing’ add-ons from the ZAP marketplace to ‘upgrade’ the lite version to a full one.

The ‘lite’ version is aimed at people new to security who need less initial functionality which will hopefully be easier to get started with. It will also be suitable for people looking for a smaller download or those wishing to customize exactly which add-ons they install. For more information, read the full story...