This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

WASPY Awards 2013

Jump to: navigation, search


Web Application Security People of the Year Awards 2013


The WASPY Award election has completed. Congratulations to the winners!

Who do you choose in the category Best Chapter Leader for the WASPY Award?

SUMMARY Answered Questions: 521 (60.3%)
Abstain: 343 (39.7%)
Total: 864
Abbas Naderi 43 (8.3%) David Hughes 82 (15.7%) Jack Mannino 92 (17.7%) John Wilander 81 (15.5%)
Jonathan Marcil 31 (6.0%) Paul Scott 57 (10.9%) Tin Zaw, Richard Greenberg,
Kelly Fitzgerald, Stuart Schwarz
& Edward Bonver (LA Chapter Leaders)105 (20.2%)
Trenton Ivey 30 (5.8%)

Who do you choose in the category Best Project Leader for the WASPY Award?

SUMMARY Answered Questions: 501 (58.0%)
Abstain: 363 (42.0%)
Total: 864
Abbas Naderi 79 (15.8%) Andrew van der Stock 115 (23.0%)
Epsylon "psy" 93 (18.6%) Simon Bennetts 214 (42.7%)

Who do you choose in the category Best Community Supporter for the WASPY Award?

SUMMARY Answered Questions: 488 (56.5%)
Abstain: 376 (43.5%)
Total: 864
Fabio Cerullo 205 (42.0%) Jason Montgomery 82 (16.8%) John Wilander 201 (41.2%)

Who do you choose in the category Best Mission Outreach for the WASPY Award?

SUMMARY Answered Questions: 531 (61.5%)
Abstain: 333 (38.5%)
Total: 864
Fabio Cerullo 187 (35.2%) John Wilander 116 (21.8%) Martin Knobloch 228 (42.9%)

Who do you choose in the category Best Innovator for the WASPY Award?

SUMMARY Answered Questions: 303 (35.1%)
Abstain: 561 (64.9%)
Total: 864
Abbas Naderi 207 (68.3%) Tanoh Aka Marcellin 96 (31.7%)


Anyone in the Community


WASPY Awards 2013


Call for nominees


May 7 – Call for nominees

August 16 – Call for nominees closes

August 19 – Announcement of nominees per category

September 6 – Deadline for bio and profile picture to be submitted

September 30 – Paid member deadline Not sure if you are a current member? Member Directory

October 14 – October 25 – Voting process (will be included on the election ballot)

October 29 – Announcement of winners in Special Edition connector & recognition at AppSecUSA 2013


Every year a group of individuals including researchers, developers, security professionals and others work to ensure the security of web applications. Some of these individuals are featured in news stories or at conferences as recognized experts. But there are many other ‘unsung heroes’ that work every day to improve web application security and yet are rarely recognized.


  • Best Chapter Leader
Name Chapter Citation
Paul Scott Houston "Paul has taken the Houston chapter from non-existent to one of the best I've seen. Every month something is going on, whether it's a "mini-con", a hands-on workshop, or a happy hour. He is very organized and enthusiastic. This leads to having sponsors, which helps encourage attendance. I'm a former OWASP chapter leader in Kansas City and have attended OWASP chapter meetings in Houston, Denver, New York, and London."
Jonathan Marcil Montreal "Jonathan has been really active since he has been elected as the new chapter leader in Montreal. He has been able to reach a lot of developers that had no idea what was OWASP by simply going in event and talking to them one-o-one.

He's really dedicated to OWASP and his chapter, he spend at least 20 to 25 hours a week organizing, he also attended BlackHat and sat at the official OWASP booth to distribute and inform people about the wonderful organization that OWASP is.

I've never seen a chapter leader active like him, he definately deserve an award."

Abbas Naderi Iran "Abbas Naderi, Chapter Leader in Iran is one of the most helpful person I know. I choose him above all others because of his dedication towards pulling forward the entire security community. He demonstrated this act when he agreed to help me in Google Summer of Code Project even when he knew that he was not going to gain money or knowledge out of this. He helped my project just because he wanted everyone in security community to move forward. While working with him, I realized the vast amount of knowledge he possesses. His ideas and his dedication inspires me and I am proud to say that I have set my goal to be like him one day."
John Wilander Sweden "John has shown that he is one of the best chapter leaders of OWASP. He recently stepped down, but I believe he should be given the award regardless."
Jack Mannino Northern Virginia "Jack Mannino has brought top-notch speakers from Jim Manico, to Dan Cornell, and the Twitter appsec team as well as secured an amazing spot with LivingSocial for our meetings. Jack is fostering not only interested speaking events but hackathons and code projects. He is definitely going above and beyond. Most importantly, this chapter is consistent and 100% vendor neutral! Under his leadership, things are already on the right path and headed for even greater destinations.

Lastly, Jack is one of the leaders of the OWASP Mobile project as well the sole developer for the OWASP project GoatDroid.

If anyone deserves my nomination, it's him!"

Tin Zaw, Richard Greenberg, Kelly FitzGerald, Stuart Schwartz, Edward Bonver Los Angeles "Tin was the leader of OWASP for the last several years. During his tenure, Tin created a formal board, solidified partnerships with ISSA, SCALE, B-Sides, .Net users groups and CSA, helped other nearby chapters and, took a leading role in the organization of the 2010 Global OWASP AppSec conference in Irvine, presented at several OWASP conferences and chapters and served as a chair on Global Chapter Committees. Richard, an ISSA LA Board member and ISSA Fellow, was able to utilize that relationship to tighten the bonds and collaboration between these two organizations, dramatically increasing monthly meeting attendance and sharing of ideas and information. Richard has ensured that Web Application Security speakers are addressing the ISSA chapter on a more frequent basis, including their yearly Security Symposium. OWASP and ISSA have joint dinner meetings twice a year. There was also a special collaborative meeting with OWASP, ISSA, ISC(2), and CSA. Richard was a member of the Global Conferences Committee and a co-chair of AppSec USA 2010. He also has taken an active role to help Neil Matatall reinvigorate the Orange County Chapter, and they are now experiencing rapid growth and meeting monthly, for the first time.

Under Richard's and Tin's leadership, the chapter grew from an average attendance of ~20-30 security enthusiasts to ~65-100+ at every meeting. OWASP LA conducted meetings religiously every month and the board goes out of their way to screen and invite excellent speakers. In addition, the board does an excellent job communicating the meeting agenda on our OWASP wiki and other social networks besides taking care of the meeting logistics (full catered dinners, sponsorship and more). The quality of the talks is so consistent that even other security organizations in LA (informally) acknowledge that OWASP has the best technical talks about security in town!

The LA Chapter is hosting the upcoming AppSec California, a collaborative conference uniting OWASP Chapters up and down the California coast, from San Diego to the Bay area. World class speakers are already lining up to participate."

Trenton Ivey Milwaukee "Prior to 2012 there was no OWASP chapter in the Milwaukee area. One man, Trenton Ivey, had a vision. That vision was to establish the Milwaukee OWASP chapter. Through his bold leadership and keen insight he worked with the national OWASP association. His tireless work resulted in a fully functional OWASP Milwaukee Chapter. The response from Information Security professionals in the area was overwhelming. He has provided the local Information Security community a means to learn new technologies and stay current with emerging trends. Most importantly, we have the opportunity to collaborate and share ideas with our peers.

His dedication to the field of information security and passion for spreading knowledge has enriched the lives of chapter members."

David Hughes Austin "David is the current leader of the OWASP Austin Chapter and has done an amazing job over the past year and a half to continue what makes Austin the best chapter in the country. Under his leadership, the chapter meetings have grown significantly in size, we have monthly sponsored happy hours, we do weekly study groups, and we hosted the single largest fundraiser for OWASP with 750 attendees at AppSec USA 2012. David has expanded our leadership team to include several new members and he has set us up for success for many years to come. OWASP Austin is the best chapter on the planet and David is the best active chapter leader hands down. He truly deserves this award."
Dhruv Soi India "My journey with OWASP started in the year 2006 when I formally started the chapter activities in New Delhi, India. Online mailing list had merely 10-20 subscribers and the visibility in different sectors on local industry was too low. There weren't even other active regional chapters in India.

We started with the chapter meets at very large software development companies in India which started providing visibility to the OWASP as a brand. In 2008, after 2 years of ground work, I announced the very first OWASP conference in the region. Holding a conference for the first time was a challenge but it went very well with participation from around 400 professionals. Our this year's event is lined up for August 2013.

Later, I was promoted by OWASP Foundation as Chair - OWASP India to promote OWASP activities nation wide. Today, we have got 10 active chapters in India and I was instrumental in formation of many new chapters by coordinating with OWASP Foundation US and mentoring the new chapter leads. Our local New Delhi OWASP Mailing list has grown to nearly 800 subscribers which is amongst largest OWASP mailing lists and we have thus far organized 3 OWASP conferences. Good thing has been that OWASP's conferences in India are the largest cyber security events in the region.

I even took an initiative to bring OWASP India to social media by creating LinkedIn profile, Facebook, Twitter and Googleplus pages and am actively maintaining all of these for promotion of local activities. Our LinkedIn and Facebook pages have more than 450 Fans/Followers which I see as a considerable number from a region.

I also facilitated alliances with other not-for-profit organizations to gain further visibility in other communities.

In most of our past events, I invited top brass from Government which helped in gaining more outreach into Government sector. We even included professors from Universities to make students also aware about OWASP. Total 500+ companies have so far participated in our last conferences.

We always kept focus on quality and branding in our events which was lauded by a representative from OWASP Foundation in our 2012 event which is also mentioned in the post-event report.

In these 7 years of my association, I have tried to promote OWASP in the region by all kind of promotional methods online, social media, private meetings, chapter meets, conferences, industry alliances etc.

Wikipedia history, website, OWASP Foundation report on 2012 OWASP India event, owasp-delhi mailing list subscriber list can be looked as supporting documents."

  • Best Project Leader
Name Project Citation
Abbas Naderi PHP Security Project I have known Abbas since last 4 months. Within this time I had the opportunity to see this person in action. He is one of the most dynamic, helpful and knowledgeable persons I know. I met him during Google Summer of Code. He is one of the mentors in this program. I have seen him help the people and the community even when things were out of reach. His breadth of knowledge in PHP is quite outstanding and his appeal to knowledge and security is quite inspiring for a lot of people including me. I wish him luck and I truly believe that this person deserves the WASPY award."

"Abbas is doing an excellent work promoting tools and helping the community with his knowledge and inspiration"

Andrew van der Stock Developer Guide "Recognition outside community by AusCERT, development of

- Application Security Verification Standard 2.0 - OWASP Developer Guide 2013 with a lot of others - OWASP Proactive Controls 2013 with Jim Manico - and support of other projects like Coding and Testing Guides. "

Simon Bennetts ZAP "For his work on ZAP and the constant effort he makes to improve and market the project."

"Simon has superbly led the ZAP project through 2012 and into 2013. The project is the most healthy ongoing OWASP project and continues to be updated. It also participated successfully in the GSoC 2012 initiative. Simon has also managed to attract non-coder contributors such as for the translation of the tools content."

Epsylon "psy" XSSer From hackers database:

-OWASP XSSer Founder and project leader. -GSoC 2013 proposed Mentor -Developer of: XSSer ( -Developer of: CIntruder ( -Developer of: AnonTwi ( -Developer of: UFOnet ( -Different contributions to free software applications such as: Seeks-Project (, Elgg (, Lorea (, etc... -OWASP Spain contributor.

Epsylon has talked about OWASP XSSer at both security and not security events around in Europe: Spain, France, Netherlands and Germany. He is involved in some different social projects giving an important technical support and is doing a good job leading some security educational communities.

+ Videos:

XSSer: CIntruder:

+ Slides:"

  • Best Community Supporter – contributor to chapter, project or initiative
Name Citation
Jason Montgomery "Jason has organized and run several training sessions for OWASP Columbus chapter in 2013. His training sessions help OWASP members better understand how to integrate security into the software development lifecycle."
Fabio Cerullo "Fabio's work on:

Google Season of Code Latam OWASP Tour EU OWASP Tour"

John Wilander "John has done so much for OWASP over the years. He deeply supports our international community.
  • John founded OWASP Sweden in 2007 and stepped down 2013 with a mailing list of 900+ chapter members, combined under the Sweden umbrella.
  • John chaired OWASP AppSec Research 2010 in Stockholm with Microsoft and Google as main sponsors and keynote speakers. Managed to gather a great team/committee. The profit funded a big part of the subsequent Global Summit.
  • John organized and chaired the Browser Security Track at the Global Summit in Portugal 2011. Round table discussions with Mozilla, Google, Microsoft, PayPal, Adobe, IETF, and some of the world's best web hackers (Mario Heiderich, Stefano di Paola, Gareth Heyes, Eduardo Vela Nava, and David Lindsay).
  • John Co-championed the Builders-Breakers-Defenders communities within OWASP, took on the Builders' Developer Outreach, and went on a two-year mission to give appsec talks at developer conferences, not security conferences."
  • Best Mission Outreach – grow the OWASP community
Name Citation
Martin Knobloch "Martin tirelessly attends every OWASP conference and supports the OWASP booth. But he also does this at many, many conferences. For example at this year's FOSDEM, Blackhat EU and Hack in the Box Amsterdam. These efforts take a lot of personal time, as well as effort transporting OWASP materials to and from venues."
Fabio Cerullo "Fabio has been doing an amazing work for OWASP for so many years now, silently, without asking anything in return. I first met him at Appsec EU 2011, which was a great success. We then worked together during OWASP's first year as a GSoC organization, an initiative that Fabio put a lot of effort in and was a great success. He has also successfully run the LatAm tour and now the EU tour, a couple of very large and complex events, with amazing success in spreading the OWASP word in the corresponding areas.

I believe that Fabio has provided amazing value to OWASP's mission, in an altruistic way, without pursuing promotion for himself or any other benefits. He's the most fitting for the "Best mission outreach" award."

"For his effort in the Latam Tour, spreading OWASP brand and awareness in Latin America and the OWASP European Tour!"

John Wilander "John managed to stay a developer and had a massive influence on the developer community with his security knowledge.

He did this next to his OWASP global involvement at various OWASP conferences of one he organized himself and leading the Swedish chapter."

  • Best Innovator – willingness to try new ideas
Name Citation
Tanoh Aka Marcellin "la raison est que je voudrais lui faire gagner ce prix afin de pouvoir avoir accès aux nouveaux outils et surtout pour ce faire des contacts avec le groupe OWASP et pourquoi pas si possible, travailler avec ce groupe merci."
Abbas Naderi "Abbas is developing a new php security library which seems very promising. There is no such a library yet and during the GSOC Abbas is working hard to implement this together as project leader with the student and volunteers "


1. Board members can NOT be nominated

2. Paid staff can NOT be nominated

3. Must be a paid member to vote Not sure if you are a current member? Member Directory

4. All nominees will remain anonymous until August 19, 2013

5. Anyone can nominate any individual

6. One person per category may be nominated

Sponsorship Opportunities: Please see our Sponsorship Document

These awards are funded solely by sponsors. If you or your company are interested in sponsoring this years WASPY Awards, please let us know by contacting us

Information about last years WASPY Awards including our winner Helen Gao and our sponsors Qualys and Trustwave can be found here:

2013 Sponsors