WASPY Award 2012 Candidates

WASPY Award 2012 Candidates

Candidate: Helen Gao

Candidate Submitted By: China Chapter

Accomplishments: Senior Architect,Global Membership Committee Chair, One of Chinese Project leader,Long Island Chapter Leader, AppSec Asia 2011 organizer, etc...

Why this person was chosen?: Helen volunteered to OWASP since 2006 and contributed a lot for OWASP as a member of Global Membership Committee and Long Island Chapter leaders. Also helen helped a lot for Great China area as a leader of Chinese Project. Moreover she is one of the main organizer for AppSec Asia 2011. Right now, Helen is the chair of Global Membership Committee.

Candidate:Abbas Naderi Afooshteh

Candidate Submitted By:Iran Chapter

Candidate:Dr. Kees Leune

Candidate Submitted By:Long Island Chapter

Candidate:Simon Bennetts

Candidate Submitted By:Zed Attack Proxy Project

Accomplishments:OWASP ZAP Founder and project leader, GSoC Mentor, OWASP Manchester founder, international speaker

Why this person was chosen?:Simon started the OWASP Zed Attack Proxy Project in 2010 and actively leads the international group of volunteers who develop it. This summer he mentored 2 Google Summer of Code students working on ZAP. He started the OWASP Manchester chapter and has encouraged and supported the formation of the new East Midlands and Newcastle chapters. Simon has talked about ZAP and OWASP at both security and not security events around in Europe, America and Australia. He is also involved in the OWASP Data Exchange Format and AppSensor projects, started the Web Application Security Testing Cheat Sheet and has contributed to other open source security projects such as the BodgeIt Store and the Web Application Vulnerability Scanner Evaluation Project (wavsep).

Candidate:Ryan Barnett

Candidate Submitted By:OWASP HTTP POST TOOL

Accomplishments:Ryan is a core developers on the OWASP CRS project https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Why this person was chosen?When working on the HTTP POST TOOL we made it available for testing to many organizations so that before we released a tool that could be potentially malishous there were well documented defensive approaches. Ryan Barnett was not only intrested from the initial presentation at OWASP AppSec DC 2010 but worked to develop defensive methods for Mod_Security to educate and provide assistance to the OWASP community members BEFORE it was released. Ryan has been a long time contributor to the OWASP organization and should be reconized formally for this outstanding volenteer service.1) Helped lead the effort to bring ModSecurity to the Microsoft IIS platform and NGINX. 2) Providing best practices and training for virtual patching processes to mitigate vulns at conferences worldwide.

Candidate:Breno Silva Pinto OWASP Brasilia Chapter Leader

Candidate Submitted By:OWASP ModSecurity Core Rule Set (CRS) Project

Accomplishments:Breno added many important features to ModSecurity to help prevent web-based attacks:

• Prevention of HTTP Slow Request/Read DoS Attacks
• HMAC Token Protection to help prevent parameter tampering, directory traversals and cross-site request forgery attacks.
• Data Substitution Capabilities to modify content to remove data leakages and malicious payloads.
• Software Security with Federal Government

Why this person was chosen? Breno is the core developer of the hugely popular open source ModSecurity web application firewall project - http://www.modsecurity.org/. Breno is a passionate application software defender in Brazil that has greatly helped the owasp community worldwide with his contributions and presentations at conference.

Candidate:Israel Bryski

Candidate Submitted By:NYC Chapter

Accomplishments:Israel is a volunteer to the OWASP NYC Chapter that brings his experiences, connections and passion for community to help OWASP Foundation at a local level.

Why this person was chosen?From management of the call for papers of the local chapter to helping with set-up and break down of meetings. Its volunteers that make OWASP happen and Israel is one of the people that make it happen with less words and more action.

Candidate: Joan Hardy

Candidate Submitted By:NJ Chapter

Accomplishments: Joan Hardy is a volunteer of the OWASP New Jersey Chapter. She has assisted with the recruitment of speakers, venues and was the lead on a study group focused on application security.

Why this person was chosen? Volunteers such as Joan who have also worked extremely close with people such as Peter Dean and Tom Ryan on fostering results.

Candidate: Charles Henderson

Candidate Submitted By: OWASP RFP Project https://www.owasp.org/index.php/OWASP_RFP-Criteria

Accomplishments: This OWASP effort has been adopted by numerous organizations worldwide to help them meet their contracting needs when procuring application security services.

Why this person was chosen? Project contributor

Candidate: Gustavo Barbato

Candidate Submitted By: FHR project

Accomplishments: chaired the AppSec Latam 2011 conference and lead expansion the chapter base in Brazil. The number of chapters more than doubled since he started pushing this initiative.

Why this person was chosen?: Hard work done to expand and consolidate OWASP.

Candidate:Kostas Papapanagiotou

Candidate Submitted By:Greek Chapter

Accomplishments:Kostas has proved to be an essential member of OWASP both in Greece and globally.

He started as board member for that OWASP chapter in early 2004 and even as a board member he managed to lead the Greek translation effort, organise chapter meetings, be the editor of Greek chapter's blog and newsletters(one of the first globally owasp newsletters) and even promote OWASP in local news outlets such as the National Television.

Kostas is now and for the past 4 years the Greek Chapter OWASP leader.

Why this person was chosen?:Continuing and increasing his enthusiasm for OWASP and web application security even more, Kostas started to involve different departments from the Greek government into web application security. In 2011 he managed to organise an OWASP training day at the Greek General Secretariat of Information Systems with great success for both owasp and web application security in Greece. https://www.owasp.org/index.php/Greece/Training/OWASP_projects_and_resources_you_can_use_TODAY)

In parallel Kostas was promoting OWASP and application security in Universities and other academic organisations with great success and enthusiasm. Eventually he created and now co-leads the OWASP hackademic challenges project (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project), which is a global owasp project in promoting application security within academia.

It is worth noting that Hackademic challenges was also successfully selected by GSOC as one of the OWASP projects to be funded (http://lists.owasp.org/pipermail/owasp-hackademic-challenges/2012-April/000020.html)

In addition to the above Kostas has promoted OWASP with every opportunity he gets. He has promoted OWASP at Athens Digital Week, Greek FOSS conferences, E-Business Forum and Greek Magazines and many more.

More recently Kostas organised with great success the Global OWASP Appsec EU conference in Athens. This conference was certainly one of the biggest international conferences to be organised in Greece and one of the biggest annual events organised by OWASP. Kostas once more proved that he is capable both to manage, organise and also promote web application security in a global level.

As the committee of the Greek OWASP chapter we certainly believe that Kostas Papapanagiotou is one of the most globally valuable members of the OWASP community and he is also one of the biggest Web Application Security voices within the Greek community.