Monday, August 26, 2013

WordPress security talk at WordPress Meetup Aug, 2013

Independent security researcher Mahadev Subedi from Pokhara gives a talk about WordPress Security at WordPress Meetup Aug, 2013.

 




Find slides here:


Saturday, August 24, 2013

OWASP Nepal Supports Free Security Testing Campaign


OWASP Nepal supports a community-run security testing campaign (organized by SQA Enthusiast Nepal). The campaign aims to create awareness about web security and testing among individuals by bringing web security testing into practice in Nepalese companies and organizations.

Orientations to students and volunteers at the campaign by security professionals:

 




Friday, June 28, 2013

OWASP Top 10 - Nepali Translation (Call for volunteers)

It has been a while since the OWASP Top 10 2013 list was released:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

There are already many translation efforts under way worldwide by different OWASP chapters. See here:
https://owasp.org/index.php/Category:OWASP_Top_Ten_Project

There are editable versions of the OWASP Top 10 2013 available in PowerPoint and MS Word formats. The document is about 24 pages long. It's a whole lot of effort for a single person to start translating. So I'd like to ask if any of you would be able to contribute to the translation of the OWASP Top 10 into Nepali.

In this regard, please comment with your views on:

1) Whether translating to Nepali would be useful or not? Should we do it?

2) If you are interested in volunteering for translation, please update your information in the following spreadsheet:

https://docs.google.com/spreadsheet/ccc?key=0AsepIMbEeC63dEN4eGRVandSSzNzWVBDNDdNN3M4Z2c#gid=0

Also, since it's a community effort, the names and emails of all of us who contribute to the translation will be listed in the OWASP Top 10 wiki at owasp.org and everywhere related.

Friday, April 12, 2013

Apply for OWASP Projects on GSoC 2013

This year OWASP has been selected as an official Google Summer of Code (“GSoC”) mentoring organization!

Open source software is changing the world and creating the future.
Want to help shape it? We’re looking for students to join us in making 2013 the best Summer of Code yet!

OWASP is an open community dedicated to enabling organizations to 
conceive, develop, acquire, operate, and maintain applications that can be 
trusted.

All students currently enrolled in an accredited institution are welcome to 
participate in the Google Summer of Code 2013 program along with the 
OWASP Foundation.

What is GSoC?

The Google Summer of Code program (“GSoC”) is designed to encourage 
student participation in open source development. Through GSoC, accepted 
student applicants will be paired with OWASP mentors from participating 
organizations.

Benefits to students include:
• Gaining exposure to real-world software development scenarios,
• An opportunity for employment in areas related to their academic pursuits and
• Google will be offering successful student contributors a 5,000 USD stipend, enabling them to focus on their coding projects for three months.

This program is done completely online. Students and mentors from more than 100 countries have participated in past years.

For a detailed timeline and FAQ about the GSoC program:
http://www.googlemelange.com/gsoc/document/show/gsoc_program/google/gsoc2013/help_page


GSoC + OWASP: Call for Student Proposals

Are you a student and want to code for an OWASP project? 
Here are the steps and some tips on getting started:

1) Think of a good idea – For reference see
https://www.owasp.org/index.php/GSoC2013_Ideas

2) Do some research yourself based on the idea, write up a proposal draft

3) Post it to the OWASP GSOC group
https://groups.google.com/forum/#!forum/owasp-gsoc for initial discussions 
with OWASP mentors.

4) Based on feedback, write a full proposal – See template below:
https://www.owasp.org/index.php/GSoC_SAT

5) Submit your proposal to Google Melange from April 22nd–May 3rd, 2013.

Students wishing to participate in GSoC must realize this is a formal commitment to produce code for the selected OWASP Project during three months. You will also take some resources from OWASP project leaders, who will dedicate a portion of their time to mentor you. Therefore, we'd like to have candidates who are committed to helping the OWASP mission. You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining OWASP and other Open Source communities. However, experience in coding and applications is welcome.

Full details and requirements for participating: 
https://www.owasp.org/index.php/GSoC

We wish you the best of luck.

Tuesday, March 26, 2013

OWASP Nepal Meetup @ Holi [Guests from Atlanta, Georgia]


Members from Atlanta Infosec / OWASP met our chapter, the local Google UG, LUG and other user and developer communities for an informal get-together during the Holi festival. It was a very productive and fun gathering.

 

    
  


  



Sunday, January 20, 2013

Security-focused Coding Competition for Students: Hardcode 2013

 
Hardcode 2013

Hardcode is a contest aimed at promoting the importance of security throughout the software development lifecycle. Contestants will develop open source applications on Google’s App Engine platform that meet a set of functional and security requirements. This competition is open to full-time middle school, high school and college students over the age of 13 around the world.

Eligibility

All entrants must currently be full-time middle school, high school or college students over the age of 13. Participants are encouraged to work in teams with no more than 5 participants per team. Work by more than 5 participants per team and work done by anyone who is not a full-time student are not allowed and are grounds for team disqualification. Other restrictions apply. Please see the Official Rules for details.

Announcement by Google:
http://googleonlinesecurity.blogspot.com/2013/01/calling-student-coders-hardcode-secure.html

Competition Details here:
https://code.google.com/p/hardcode/wiki/Hardcode2013ContestDescription

Prizes:
$20,000 Singapore dollars.
The 2nd-5th place finalist teams will receive $15,000, $10,000, $5,000, and $5,000 Singapore dollars, respectively.