A. RELEASES’ ASSESSMENTS AND NEW LEADERSHIPS
1. The OWASP ModSecurity CRS Project, led by Ryan Barnett, has been under intensive development and has recently produced several releases. Its version ModSecurity 2.0.6 has been reviewed and assessed and was consequently rated a Stable Quality Release.
2. In record time, the OWASP Secure Coding Practices – Quick Reference Guide, led by Keith Turpin, has had its third release assessed and consequently rated as Stable Quality.
3. The OWASP AppSensor Project, led by Michael Coates, has important developments (new tool) and is currently under review targeting a Stable Release rating.
4. The OWASP O2 Platform, led by Dinis Cruz, has important developments (new release) and is currently under review targeting a Stable Release rating.
5. The OWASP Development Guide has new project leaders. Vishal Garg and Anurag Agarwal are currently assuming the role previously performed by Andrew van der Stock.
6. The OWASP JBroFuzz Project has new leadership. Yiannis Pavlosoglou has been replaced by Ranulf Green.
7. The OWASP Enterprise Application Security Project has been recently adopted by Alexander Polyakov.
8. The OWASP CTF Project has a new leader. Martin Knobloch has been replaced by Steven van der Baan.
B. NEW PROJECTS
1. OWASP College Chapters Program, led by Jeff Williams. This initiative will help to extend application security into colleges and universities worldwide.
2. OWASP Alchemist Project, co-led by Bishan Singh, Chandrakanth Narreddy and Naveen Rudrappa. This project enables a software development team to realize a highly secure and defensible application with built-in defences/controls against security-related design, coding and implementation flaws.
3. OWASP Browser Security Project, created on the initiative of Dave Wichers & Michael Coates. This project still has no clear leadership, but the main effort has been made by the two named above.
4. OWASP Uniform Reporting Guidelines, led by Vlad Gostomelsky. This project will complement the OWASP Testing Guide as well as the OWASP RFP Template. This is going to be a reporting template for vulnerability findings which will be free, based on industry best practices, and hopefully will become the de facto standard.
5. OWASP Zed Attack Proxy Project, led by Psiinon. This project provides an easy-to-use integrated penetration testing tool for testing web applications and provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
6. OWASP Secure Web Application Framework Manifesto, led by Rohit Sethi. This project is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to.
7. OWASP Mobile Security Project, led by Jack Mannino and Mike Zusman. The OWASP Mobile Security Project will help the community better understand the risks present in mobile applications, and learn to defend against them.
8. OWASP Application Security Skills Assessment, led by Neil Smithline. This project (aka OWASP ASSA) is an online multiple-choice quiz built to help individuals understand their strengths and weaknesses in specific application security skills.
9. OWASP Fiddler Addons for Security Testing Project, led by Chris Weber. This project (aka OWASP FAST) is the umbrella for two complementary projects, i.e. the Watcher Project, a passive vulnerability scanner, and the X5s Project, an active XSS testing and input/output encoding detection tool.
C. PROJECTS TO BE SOON SET UP
1. OWASP ESAPI Objective C
2. OWASP PASSWD
3. OWASP Eclipse plug-in
4. OWASP Open-sourcing JXT
5. OWASP A10-Unvalidated Forwards
D. PROJECTS TO BE SOON RESET UP
1. All the Cross-Site Request Forgery (CSRF) related content.
E. OTHER NEWS
1. Three major OWASP Guides – Development, Testing and Code Review – are being pushed by their leaders and contributors towards publishing a new release reasonably soon. Each of them has been funded with 5,000 dollars.
2. The Google Hacking Project’s Inquiry has been concluded with the publication of the OWASP Global Projects Committee’s Report and the OWASP Board Resolution.