This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Chapter Leader Handbook (OLD)

Jump to: navigation, search

Note: this is the OLD chapter handbook. The new chapter handbook is being written by the global chapter committee and expected to be ready in Q2 2009.

This handbook aims to guide new and experienced OWASP Chapter leaders in starting and maintaining an active chapter community. It outlines items that the NY/NJ Metro Local Chapter has done to be successful in its market.

Identifying the Chapter Board

On your chapter page, ensure you clearly identify who is on the board of the chapter, including their phone numbers and/or email addresses. The Local Chapter should have a published mailing address. Use a PO Box or one of the board member's (company's) addresses, perhaps.

It is highly recommended to have at a min. (2) chapter leaders and there are is no limit... in NYC there are 10 chapter leaders and each have a role in the success of the chapter so work with your peers being a chapter leader requires 10+ hrs per month and we are all BUSY

Generating Interest

  • Talk to local higher education institutions. Involve the university and its computer science students—you might even get access to their lab!
  • Talk to the local chapters of information security organizations. For example, ISSA, ISACA, FBI/Infragard, HTCIA and other local and international organizations. Cross-promote and/or join meetings, be a guest speaker and host guest speakers.
  • Use OWASP chapter mailing lists to alert members of meetings and monthly events.
  • Conduct an annual survey (use a web form) to get feedback from the mailing list/chapter members—what do they want to see in your chapter?
  • Ask for help. A successful chapter has several board members (there are no limits) so share the fun and the pain. &smiley;
  • Do a local talk about OWASP Projects that you have been involved with.

(Re-)Starting Your Chapter

A sample action plan that you can use is:

  • Find a location/venue sponsor for a first meeting. This could be a college, a business, a restraunt...
  • Enable sponsorship for refreshments from a local source.
  • Always cover the OWASP mission and goals. Explain the web application security problem in a general way to attract a large crowd and to educate the new members and guests.
  • Send out an invitation/announcement and also try to let other local security organizations know about the meeting as well. These can be local ISSA, ASIS, Infragard, ISACA or other chapters.
  • Try to get some local press attention—free press is great.
  • Hook up with government and academic contacts in your area to relay the invitation and generate some interest.
  • Find out what companies are active in this domain in your area in order to raise their interest and support.
  • Meeting invitations/announcements should contain a request to forward it to other interested parties.
  • Be sure to send out this invitation at least one month before the meeting.
  • Network, network, network!


Chapter Meetings

Meeting Frequency

This depends on the activity level of the local OWASP community and number of members. There should be a minimum of four events per year to be considered an active chapter.

Chapter Meeting Checklist


  1. Obtain primary sponsor for meeting location.
  2. Obtain co-sponsorship(s) to cover event expenses; encourage raffle item. Use the DONATE NOW button on your chapter page
  3. Obtain educational topics/speakers for the event with an abstract and bio.
  4. Update the RSVP form for each meeting.
  5. Update the OWASP web site to reflect the when, where, who...
  6. Communicate via email to the mailing list.
  7. Communicate to other organizations—ISSA, ISACA, Infragard, etc.—to raise awareness, as well as news media, blogs and other mailing lists.
  8. Line up the refreshment logistics based on RSVP'd attendees.
  9. Pay for the expenses and submit expenses to Kate Hartman to get your money back.... use a credit card that gives you points ;)


  1. Arrive early, set-up meeting location.
  2. Pre-flight check: A/V, computers, final approval of speaker's PowerPoint (no sales pitch).
  3. Execute event. (Badges, A/V, etc.)
  4. Questionnaire/survey/feedback form—use a survey web form (e.g.,,,, etc.) or build your own.


  1. Send out CPE credits to attendees that requested them or explain to them that ISC2 as a example is a self certify
  2. Review event and ways to improve with the board members.
  3. Select topic focus for next event based on feedback from attendees or survey.
  4. What was good, what was bad?

And repeat.

Chapter Meeting Template

You can use this "template" on your chapter page for listing meeting details:


Fill in date and timeframe


Fill in meeting place


  • 18h00 - 18h30: Networking / Food, Drinks
  • 18h30 - 19h00: Fill in
  • 19h00 - 19h30: Fill in


Frequently Asked Questions

I don't know the list of members.

You can get the membership for your chapter from the administrative interface for your mailing list. If you've forgotten your password, contact Kate Hartmann to reset it for you. If you need to contact all the members, you can send a message to the mailing list, and they should all receive it.

Does subscribing to a chapter mailing list mean official membership in OWASP?

No, Membership details can be found on the Membership page.

How do I update my OWASP Chapter page?

First, create your wiki account on the login page. Then go to your chapter page and click the edit link. You can use the meeting template above to list your next chapter meeting details.

I have a great idea to help other chapters!

Log in to the wiki and edit this page. Or send an email to the chapter leaders mail list. You are on that list, right?

Further Help

If you have any questions you can simply email [email protected] or post a message to the chapter leaders mail list.