OWASP - User contributions [en]

Getting Started

2007-08-14T13:51:00Z

OWASP: /* Getting started in application security */

==Getting started in application security==

Application security is simply everything involved in developing, maintaining, and purchasing applications that your organization can trust. However, application security is inextricably tied into almost every aspect of your organizations' information technology, and can be maddeningly difficult to tackle. This "Getting Started" page is intended to provide a roadmap of the various topics in application security and where OWASP materials can help you and your organization master them. As the saying goes, when it comes to application security, there are really two types of organization - those who don't know their code is insecure, and those that do.

==Searching for application security information==

We are working hard to organize the world's application security information. But it's fair to say we have a very long way to go. There is a [[Special:Search|simple search engine]] built into the OWASP site, but it's not that great.

That's why we set up a [http://www.owasp.org/google/results.html custom Google search engine] that indexes not only OWASP, but dozens of websites. We've tagged the sites as being commercial, open-source, products, services, etc... so that you can filter the information about application security.

As a last resort, you can also just [[Special:Allpages|get a list]] of all the pages if you know a word in the title.

==Why is application security so hard?==

If you haven't read it lately, check out Fred Brooks' great article, "[http://www-inst.eecs.berkeley.edu/%7Emaratb/readings/NoSilverBullet.html No Silver Bullet]". In it, Brooks discusses both "accidental" and "essential" difficulties of producing software. We created the accidental difficulties ourselves, by making our languages, compilers, and environments more difficult than they need to be. But the essential difficulties are fundamental problems that will always be with us. Brooks considers four inherent properties of software that help explain the difficulty of software security - complexity, conformity, changeability, and invisibility.

==If you're wondering if your code has vulnerabilities...==

If you're wondering whether your software really has application security weaknesses, then the best thing to do is to find out. You can do this in a number of ways, but the simplest is to do an [[CLASP_Best_Practices#Perform_application_assessments|application assessment]] of a few of your applications. The review should analyze all the major security areas by using a combination of [[Vulnerability Scanning|vulnerability scanning]], [[:Category:OWASP Code Review Project|code review]], [[:Category:OWASP Testing Project|penetration testing]], and [[Perform source-level security review|static analysis]]. Then based on some actual results, which should verify areas that are well designed and built as well as identify weaknesses, you can make an informed decision about how to proceed.

==If you already know your code is vulnerable...==

If you've already come to the conclusion that your project or organization is not producing secure code, then you should consider what [[:Category:Activity|organizational improvements]] are most likely to improve your ability. One popular place to start is [[CLASP_Best_Practices#Institute_awareness_programs|instituting an awareness program]] for developers and managers, as it is relatively inexpensive and has immediate effects. However, you may want to consider doing an [[:Category:OWASP CLASP Project|application security capability appraisal]] of your organization to find out what changes are likely to be the most effective. Also, you might consider defining a risk model, creating organization roles and teams, establishing standards or coding guidelines, or introducing some security activities into your software development lifecycle before doing the training.

==About threats, vulnerabilities, and countermeasures==

A good way to start learning about application security is by understanding software [[:Category:Principle|principles]], [[:Category:Threat Agent|threats]], [[:Category:Attack|attack]], [[:Category:Vulnerability|vulnerabilities]], and [[:Category:Countermeasure|countermeasures]]. A good overview of the most critical of these is the [[OWASP_Top_Ten_Project|OWASP Top Ten]] awareness document. This is a short paper that describes the most critical vulnerabilities, how to find them, and what to do to protect against them in your application.

Another great way to learn about application security is to study some real vulnerabilities and learn how they work. OWASP has developed [[:Category:OWASP_WebGoat_Project|WebGoat]] to provide hands-on examples of application security to learn from. WebGoat is a full J2EE application and training environment that contains real vulnerabilities to experiment with and learn from. [[:Category:OWASP_WebScarab_Project|WebScarab]] is a powerful web application penetration testing tool that you can use to test applications. For further reference, you can read all about each of the [[:Category:Vulnerability|vulnerabilities]] on the OWASP website to learn more.

==What are the root causes of application vulnerabilities?==

Once you've learned about risk model, you should think about how those problems come into existence. Every application security problem has a root cause somewhere in the organization. It may be that the project didn't have the right [[:Category:Activity|activities]] in their development process, or it may be that the developers didn't have the right training, or it might even be that the team didn't have the right tools for the job. But every vulnerability is a reason to investigate, find out why it happened, and make some organizational changes. You can find more information about improving your capability in the [[:Category:OWASP CLASP Project|OWASP CLASP Project]].

__NOTOC__

Talk:Austria

2007-07-27T12:04:04Z

OWASP:

===How can I contact the chapter leader, there's no e-mail address?===

The best way is to post a message to the owasp-austria mailing list to contact others in the chapter. Looks like there's an opportunity for a leader to run the Austria chapter. Anyone interested, please contact owasp@owasp.org. Thanks!

Talk:Austria

2007-07-27T12:03:38Z

OWASP:

How can I contact the chapter leader, there's no e-mail address?

The best way is to post a message to the owasp-austria mailing list to contact others in the chapter. Looks like there's an opportunity for a leader to run the Austria chapter. Anyone interested, please contact owasp@owasp.org. Thanks!

MediaWiki:Sidebar

2007-07-26T20:13:23Z

OWASP:

Main Page

2007-07-03T02:46:25Z

OWASP:

<div style="text-align:right">[https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008ddT https://www.owasp.org/images/e/eb/3_468x60.gif]</div>

<div style="font-size:7pt;text-align:right">Sponsored advertisement. OWASP does not endorse commercial products or services     </div>

{|style="width:100%;margin-top:+.7em;background-color:#ececec;border:1px solid #ccc"
|style="width:56%;color:#000"|
{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;white-space:nowrap;color:#000" |
<div style="font-size:162%;border:none;margin: 0;padding:.1em;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div>
<div style="top:+0.2em;font-size: 95%">the free and open application security community</div>
|}


|style="width:14%;font-size:95%;color:#000"|
*[[OWASP Guide Project|Guide]]
*[[OWASP Top Ten Project|Top Ten]]
*[[OWASP WebGoat Project|WebGoat]]
|style="width:14%;font-size:95%"|
*[[OWASP CLASP Project|CLASP]]
*[[OWASP WebScarab Project|WebScarab]]
*[[OWASP Legal Project|Contracting]]
|style="width:14%;font-size:95%"|
*[[OWASP Testing Project|Testing]]
*[[OWASP Code Review Project|Code Review]]
*'''[[Special:Allpages|More...]]'''
|}

{|style="width:100%;background:none;margin:-.8em 0 -.7em 0"
|style="font-size:95%;text-align:left;white-space:nowrap;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;white-space:nowrap;color:#000"| [[Special:Statistics|Statistics]] '''·''' [http://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}


{|style="border-spacing:8px;margin:0px -8px"
|class="MainPageBG" style="width:50%;border:1px solid #cef2e0;background-color:#f5fffa;vertical-align:top;color:#000"|
{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5fffa"
! <h2 style="margin:0;background-color:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">[[About The Open Web Application Security Project|OWASP Overview]]</h2>
|-
|style="color:#000;align:center"|{{OWASP Overview}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Featured Story</h2>
|-
|style="color:#000"|{{Featured article}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">[http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast The OWASP Moderated AppSec News Feed]</h2>
|-
|style="color:#000"|{{Application Security News}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Members</h2>
|-
|style="color:#000"|{{OWASP Members}}
|-



|}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|
{| width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5faff"


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Conferences</h2>
|-
|style="color:#000"|{{OWASP Conference}}
|-


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Community [[OWASP Community|(add)]]</h2>
|-
|style="color:#000"|{{OWASP Community Table}}
|-
! <h2 style="margin:0;background:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP News [[OWASP News|(add)]]</h2>
|-
|style="color:#000"|{{OWASP News}}
|}
|}

__NOTOC__ __NOEDITSECTION__

Main Page

2007-07-03T02:45:01Z

OWASP:

<div style="text-align:right">[https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008ddT https://www.owasp.org/images/e/eb/3_468x60.gif]</div>

<div style="font-size:7pt;text-align:right">Sponsored advertisement. OWASP does not endorse commercial products or services     </div>

{|style="width:100%;margin-top:+.7em;background-color:#ececec;border:1px solid #ccc"
|style="width:56%;color:#000"|
{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;white-space:nowrap;color:#000" |
<div style="font-size:162%;border:none;margin: 0;padding:.1em;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div>
<div style="top:+0.2em;font-size: 95%">the free and open application security community</div>
|}


|style="width:14%;font-size:95%;color:#000"|
*[[OWASP Guide Project|Guide]]
*[[OWASP Top Ten Project|Top Ten]]
*[[OWASP WebGoat Project|WebGoat]]
|style="width:14%;font-size:95%"|
*[[OWASP CLASP Project|CLASP]]
*[[OWASP WebScarab Project|WebScarab]]
*[[OWASP Legal Project|Contracting]]
|style="width:14%;font-size:95%"|
*[[OWASP Testing Project|Testing]]
*[[OWASP Code Review Project|Code Review]]
*'''[[Special:Allpages|More...]]'''
|}

{|style="width:100%;background:none;margin:-.8em 0 -.7em 0"
|style="font-size:95%;text-align:left;white-space:nowrap;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;white-space:nowrap;color:#000"| [[Special:Statistics|Statistics]] '''·''' [http://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}


{|style="border-spacing:8px;margin:0px -8px"
|class="MainPageBG" style="width:50%;border:1px solid #cef2e0;background-color:#f5fffa;vertical-align:top;color:#000"|
{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5fffa"
! <h2 style="margin:0;background-color:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">[[About The Open Web Application Security Project|OWASP Overview]]</h2>
|-
|style="color:#000;align:center"|{{OWASP Overview}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Featured Story</h2>
|-
|style="color:#000"|{{Featured article}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">The OWASP Moderated AppSec News Feed</h2>
|-
|style="color:#000"|{{Application Security News}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Members</h2>
|-
|style="color:#000"|{{OWASP Members}}
|-



|}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|
{| width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5faff"


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Conferences</h2>
|-
|style="color:#000"|{{OWASP Conference}}
|-


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Community [[OWASP Community|(add)]]</h2>
|-
|style="color:#000"|{{OWASP Community Table}}
|-
! <h2 style="margin:0;background:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP News [[OWASP News|(add)]]</h2>
|-
|style="color:#000"|{{OWASP News}}
|}
|}

__NOTOC__ __NOEDITSECTION__

Main Page

2007-07-03T02:43:42Z

OWASP:

<div style="text-align:right">[https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008ddT https://www.owasp.org/images/e/eb/3_468x60.gif]</div>

<div style="font-size:7pt;text-align:right">Sponsored advertisement. OWASP does not endorse commercial products or services     </div>

{|style="width:100%;margin-top:+.7em;background-color:#ececec;border:1px solid #ccc"
|style="width:56%;color:#000"|
{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;white-space:nowrap;color:#000" |
<div style="font-size:162%;border:none;margin: 0;padding:.1em;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div>
<div style="top:+0.2em;font-size: 95%">the free and open application security community</div>
|}


|style="width:14%;font-size:95%;color:#000"|
*[[OWASP Guide Project|Guide]]
*[[OWASP Top Ten Project|Top Ten]]
*[[OWASP WebGoat Project|WebGoat]]
|style="width:14%;font-size:95%"|
*[[OWASP CLASP Project|CLASP]]
*[[OWASP WebScarab Project|WebScarab]]
*[[OWASP Legal Project|Contracting]]
|style="width:14%;font-size:95%"|
*[[OWASP Testing Project|Testing]]
*[[OWASP Code Review Project|Code Review]]
*'''[[Special:Allpages|More...]]'''
|}

{|style="width:100%;background:none;margin:-.8em 0 -.7em 0"
|style="font-size:95%;text-align:left;white-space:nowrap;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;white-space:nowrap;color:#000"| [[Special:Statistics|Statistics]] '''·''' [http://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}


{|style="border-spacing:8px;margin:0px -8px"
|class="MainPageBG" style="width:50%;border:1px solid #cef2e0;background-color:#f5fffa;vertical-align:top;color:#000"|
{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5fffa"
! <h2 style="margin:0;background-color:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">[[About The Open Web Application Security Project|OWASP Overview]]</h2>
|-
|style="color:#000;align:center"|{{OWASP Overview}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Featured Story</h2>
|-
|style="color:#000"|{{Featured article}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Application Security News</h2>
|-
|style="color:#000"|{{Application Security News}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Members</h2>
|-
|style="color:#000"|{{OWASP Members}}
|-



|}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|
{| width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5faff"


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Conferences</h2>
|-
|style="color:#000"|{{OWASP Conference}}
|-


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Community [[OWASP Community|(add)]]</h2>
|-
|style="color:#000"|{{OWASP Community Table}}
|-
! <h2 style="margin:0;background:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP News [[OWASP News|(add)]]</h2>
|-
|style="color:#000"|{{OWASP News}}
|}
|}

__NOTOC__ __NOEDITSECTION__

Template:Application Security News

2007-07-03T02:42:03Z

OWASP:

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. [http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast The OWASP Moderated AppSec News Feed]

<feed entries=10 length=300 url="http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast" date="j M">
;{DATE} - [{PERMALINK} {TITLE}]
: <span style="font-style:italic;font-size:6;">-> via <span style="text-decoration:underline;">[{PERMALINK} {AUTHOR}]</span></span>
:{DESCRIPTION}
</feed>

Template:Application Security News

2007-07-03T02:40:20Z

OWASP:

Category:OWASP Cookies Database

2007-06-25T21:57:57Z

OWASP:

==='''Welcome to OWASP Cookies Database Project'''===

OWASP Cookies Database project is aimed to collect and maintain all possible web servers/applications cookie details like cookie name, cookie value and the product name/version which generated the cookies. This database can be used to fingerprint the product name/version by comparing the cookie names and values against the database. This will enhance the accuracy of the application fingerprinting.

The database is ordered as a "reverse-lookup" to facilitate finding technologies in a testing situation. If you need to use the data in another order, we recommend copying the table into a spreadsheet and sorting it according to your needs.

Please help us grow the database by adding the cookies from your technology. To gather the appropriate data, simply go to the webpage in question and type in the following in the URL bar of your browser...

javascript:alert(document.cookie)

Then create an entry in the table below using the following format. If you don't know what product or version are involved, please leave them blank, and perhaps others will be able to help you. Note, you may want to change a few bytes in the example cookie value so that you aren't disclosing a secret cookie value.

|-
|wiki18_session
|qfn5s9|14upcs5b29prn7al090
|unknown
|[http://www.mediawiki.org MediaWiki]
|[http://www.mediawiki.org/wiki/MediaWiki MediaWiki]
|1.8
|Used at http://www.wikipedia.com
|None

==Cookie Database==

{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"

|-
|Cookie Name
|Example Value
|Cookie Format
|Company Name
|Product Name
|Product Version
|Product Type
|Example Site
|Notes

|-
|JSESSIONID
|
|unknown
|Many
|Many
|Any
|J2EE Application server
|Many
|Many appservers use this cookie including Claudio Resin, [http://jakarta.apache.org/tomcat/ Jakarta Tomcat/JSERV], [http://www.macromedia.com/ Macromedia Jrun]

|-
|ASPSESSIONIDXXXXXXXX
|XXXXXXXXXXXXXXXXXXXXXXXX
|unknown
|[http://www.microsoft.com/ Microsoft]
|[http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/default.mspx Microsoft Internet Information Services]
|5.0
|Application server
|Many
|Cookie name varies by site

|-
|ASP.NET_SessionId
|0hqed4qelkxvjj153tplacm0
|unknown
|[http://www.microsoft.com/ Microsoft]
|[http://www.microsoft.com/iis Microsoft Internet Information Services]
|6.0
|Application server
|Many
|None

|-
|PHPSESSION
|
|unknown
|[http://www.php.net/ The PHP Group]
|[http://www.php.net/ PHP]
|Any
|Web server
|Many
|None

|-
|wiki18_session
|qfn5s9|14upcs5b29prn7al090
|unknown
|[http://www.mediawiki.org/ MediaWiki]
|[http://www.mediawiki.org/wiki/MediaWiki MediaWiki]
|1.8
|Content Management Server
|http://www.wikipedia.com/
|None

|-
|WebLogicSession
|(too large too fit here)
|unknown
|[http://www.bea.com/ BEA]
|[http://www.bea.com/framework.jsp?CNT=index.htm&FP=/content/products/weblogic BEA WebLogic]
|Any
|J2EE Application server
|TBD
|None

|-
|BIGipServerxxx_xxx_xxx_PROTO
|2893454590.19741.0000
|unknown
|[http://www.f5.com/ F5]
|[http://www.f5.com/products/bigip/ F5 BIG-IP]
|Any
|Load balancer
|TBD
|Used to mantain persistence based on original client when balancing to a farm. The cookie name contains the name of the web site being accessed as weel as the protocol used.

|-
|SERVERID
|
|unknown
|[http://haproxy.1wt.eu HAproxy]
|[http://haproxy.1wt.eu HAproxy]
|Any
|Load balancer
|TBD
|More information in the [ http://haproxy.1wt.eu/download/1.2/doc/architecture.txt Architecture documentation]

|-
|SaneID
|A.B.C.D-1018349510644
|unknown
|[http://www.sane.com/ UNICA corporation]
|[http://www.unica.com/product/product.cfm?pw=untng Unica NetTracker] (formerly SANE NetTracker)
|Any
|Tracking visitors
|http://www.sane.com/
|A.B.C.D is the IP address of the client accessing the site

|-
|ssuid
|Maxliw00vvM00001fbb6Oxn0wb
|unknown
|[http://www.vignette.com/ Vignette]
|[http://www.vignette.com/ Vignette]
|Any
|Content Manager
|TBD
|None

|-
|vgnvisitor
|Mawd0M00heY0000~fBiFkE0035
|unknown
|[http://www.vignette.com/ Vignette]
|[http://www.vignette.com/ Vignette]
|Any
|Content Manager
|TBD
|None

|-
|SESSION_ID
|(too large too fit here)
|unknown
|[http://www.ibm.com/ IBM]
|[http://www.ibm.com/ IBM Net.Commerce]
|Any
|Application
|TBD
|None

|-
|NSES40Session
|2%253A3e57d375%253Adc59172283a7e72c
|unknown
|[http://www.redhat.com/ RedHat]
|[http://enterprise.netscape.com/ Netscape Enterprise Server]
|4.0
|Application Server
|TBD
|None

|-
|iPlanetUserId
|A.B.C.D:29511018555049
|unknown
|[http://www.sun.com/ Sun]
|iPlanet web server (discontinued, replaced by SunONE web server and later by [http://www.sun.com/software/products/web_srvr/home_web_srvr.xml Java System Application Server])
|6.x
|Application Server
|TBD
|A.B.C.D is the client's IP address

|-
|gx_session_id_
|f42d0282513ff402
|unknown
|[http://www.sun.com/ Sun]
|[http://www.sun.com/software/products/appsrvr/index.xml Java System ApplicationServer])
|TBD
|Application Server
|TBD
|None.

|-
|JROUTE
|VAyc
|Four characters.
|[http://www.sun.com/ Sun]
|[http://www.sun.com/software/products/appsrvr/index.xml Java System ApplicationServer])
|http://www.sun.com/
|Application Server
|TBD
|Used by the load balancing module to determine the server backend.

|-
|RMID
|d442af2b3d1ccf30
|unknown
|[http://www.real.com/ Real]
|RealMedia OpenAdStream
|6.x
|Media Server
|TBD
|None

|-
|JSESSIONID
|afbx7QRlFZje
|unknown
|TBD
|Claudio Resin
|TBD
|J2EE Application server
|Many
|None

|-
|Apache
|A.B.C.D.265301162333949602
|unknown
|[http://www.apache.org/ Apache Foundation]
|[http://httpd.apache.org/ Apache web server]
|http://www.paypal.com
|Web server
|Many
|A.B.C.D is the client's IP address

|-
|JSESSIONID
|4ah34a8xo1
|unknown
|[http://www.apache.org/ Apache Foundation]
|[http://jakarta.apache.org/tomcat/ Jakarta Tomcat/JSERV]
|TBD
|J2EE Application server
|Many
|None

|-
|JSESSIONID
|
|TBD
|[http://www.ibm.org/ IBM]
|[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server]
|TBD
|J2EE Application server
|Many
|None.

|-
|JSESSIONID
|
|TBD
|[http://www.ibm.org/ IBM]
|[http://www.ibm.com/software/webservers/httpservers/ IBM HTTP Server]
|TBD
|Web server
|Many
|When IHS is used as a plugin to WAS it will modify the JSESSIONID and add one value to identify the web server being balanced postfixing its name (as defined in the plugin configuration)

|-
|JSESSIONID
|80302068121025709932681
|unknown
|[http://www.macromedia.com/ Macromedia]
|[http://www.macromedia.com/ Macromedia Jrun]
|TBD
|J2EE Application server
|Many
|None

|-
|CFID
|
|unknown
|[http://www.macromedia.com/ Macromedia]
|[http://www.macromedia.com/ Coldfusion]
|TBD
|Application server
|Many
|See [http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17919 KB#17919] and [http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915 KB#17915]

|-
|CFTOKEN
|
|unknown
|[http://www.macromedia.com/ Macromedia]
|[http://www.macromedia.com/ Coldfusion]
|TBD
|Application server
|Many
|None

|-
|CFGLOBALS
|
|unknown
|[http://www.macromedia.com/ Macromedia]
|[http://www.macromedia.com/ Coldfusion]
|TBD
|Application server
|Many
|None

|-
|RoxenUserID
|07761bc31df67ae8c4441a89bc7ceed5
|unknown
|[http://www.roxen.com/ Roxen]
|[http://www.roxen.com/ Roxen Web Server]
|TBD
|Web server
|Many
|None

|-
|JServSessionIdroot
|vvni7vxu8n
|unknown
|[http://www.apache.org/ Apache Foundation]
|[http://java.apache.org/jserv/ ApacheJServ]
|TBD
|Web server
|Many
|None

|-
|sesessionid
|ZJ0DMWIAAA51VQFI50BD0VA
|unknown
|[http://www.ibm.org/ IBM]
|[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server ]
|TBD
|Application server
|Many
|None

|-
|PD-S-SESSION-ID
|2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|unknown
|[http://www.ibm.org/ IBM]
|[http://publib.boulder.ibm.com/tividd/td/IBMAccessManagerfore-business6.0.html IBM Tivoli Access Manager WebSeal] (part of the IBM TAM for e-business)
|5.x, 6.x
|Reverse authentication proxy
|Many
|Where 'x' is {[A-Z],[a-z],[0-9],+,-}. The cookie is set as 'Secure'

|-
|PD_STATEFUL_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
|/LOCATION
|unknown
|[http://www.ibm.org/ IBM]
|[http://publib.boulder.ibm.com/tividd/td/IBMAccessManagerfore-business6.0.html IBM Tivoli Access Manager WebSeal] (part of the IBM TAM for e-business)
|5.x, 6.x
|Reverse authentication proxy
|Many
|This cookie is used when accessing an authenticated area.

|-
|WEBTRENDS_ID
|A.B.C.D-1091519275.658578
|unknown
|[http://www.webtrends.com/ WebTrends]
|[http://www.webtrends.com/ WebTrends]
|TBD
|Tracking visitors
|Many
|None.

|-
|__utmX
|
|unknown
|[http://www.google.com Google]
|[http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425 Urchin Tracking Module]
|TBD
|Tracking visitors
|Many
|X can be 'a', 'b', 'c', 'v', 'z' ...

|-
|sc_id
|
|Number?
|[http://www.omniture.com Omniture]
|[http://www.omniture.com Omniture]
|http://2o7.net
|Tracking visitors
|Many
|None.

|-
|s_sq
|
|Number?
|[http://www.omniture.com Omniture]
|[http://www.omniture.com Omniture]
|http://2o7.net
|Tracking visitors
|Many
|None.

|-
|s_sess
|
|Number?
|[http://www.omniture.com Omniture]
|[http://www.omniture.com Omniture]
|http://2o7.net
|Tracking visitors
|Many
|None.

|-
|s_vi_XXXXXX
|[CS]v4|XXXX[CE]
|Number?
|[http://www.omniture.com Omniture]
|[http://www.omniture.com Omniture]
|http://2o7.net
|Tracking visitors
|Many
|The XXX part of the cookie name and content are of variable length.

|-
|MintUnique
|1
|Number?
|[http://www.shauninman.com/ Shaun Inman]
|[http://haveamint.com/ Mint]
|TBD
|Tracking visitors
|Many
|None.

|-
|MintXXXX
|1
|Number?
|[http://www.shauninman.com/ Shaun Inman]
|[http://haveamint.com/ Mint]
|TBD
|Tracking visitors
|Many
|None.

|-
|SS_X_CSINTERSESSIONID
|0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej
|unknown
|[http://www.fatwire.com/ FatWire]
|[http://www.fatwire.com/ OpenMarket/FatWire Content Server]
|TBD
|Content server
|Many
|None.

|-
|CSINTERSESSIONID
|0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs
|unknown
|[http://www.fatwire.com/ FatWire]
|[http://www.fatwire.com/ OpenMarket/FatWire Content Server]
|TBD
|Content server
|Many
|None.

|-
|_sn
|u3YBSdYfaf0oa5H1hz7Tc0ccApc0T1Iz60QWgeSiMEA_
|unknown
|[http://www.siebel.com/ Siebel]
|[http://www.siebel.com/ Siebel CRM]
|TBD
|Application
|Many
|None.

|-
|BCSI-CSCXXXXXXX
|1
|Number
|[http://www.bluecoat.com/ Bluecoat]
|[http://www.bluecoat.com/ BlueCoat Proxy]
|TBD
|Proxy
|Many
|None.

|-
|Ltpatoken
| TBD
| Base64 encoding +3DES encryption (ECB mode) using the server's DES password. Contains: TokenHeader[4 BYTES] + HexEncoded((DWORD)TokenCreationDate)[8 BYTES] + hexEncoded((DWORD)TokenExpirationDate)[8 BYTES] + Canonicalized username [variable] + SHA1(TokenHeader + TokenCreation + TokenExpiration + Username+Secret)[20 BYTES]. TokenHeader = First byte reserved, three bytes for secret sequence usage. TokenCreationDate = A number representing the time and date of the token creation. (TokenCreationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT. TokenExpirationDate = A number representing the time and date of the token expiration. (TokenExpirationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT
|[http://www.ibm.org/ IBM]
|[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server ]
|5.1 and earlier
|Application server
|TBD
|LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html for more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument

|-
|Ltpatoken2
| TBD
| TBD
|[http://www.ibm.org/ IBM]
|[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server]
|5.1.1 and later
|Application server
|TBD
|LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html

|-
|Ltpatoken
| TBD
| Base64 encoded, 3-des encrypted: header:server/userDn % timestamps % rsa-signature. Timestamp is the expiration date (in long).
|[http://www.ibm.org/ IBM]
|[http://www-128.ibm.com/developerworks/lotus Lotus Domino]
|5.0x and later
|Application
|TBD
|LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://www.lotus.com/ldd/labscontent.nsf/lookup/session_auth, http://www.ibm.com/developerworks/ibm/library/it-0101art2/ and http://www.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/Main?OpenFrameSet. The cookie name can be changed (except for 5.0x servers) based on the iNotes_WA_AuthTokenName configuration variable. For more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument

|-
|LtpatokenExpiry
|12:00:00+GMT+Today
| String
|[http://www.ibm.org/ IBM]
|[http://www-128.ibm.com/developerworks/lotus Lotus Domino]
|5.0x and later
|Application
|TBD
|None

|-
|LtpatokenUsername
|CN=John+Doe/O=Org
|String
|[http://www.ibm.org/ IBM]
|[http://www-128.ibm.com/developerworks/lotus Lotus Domino]
|5.0x and later
|Application
|TBD
|None

|-
|DomAuthSessID
| TBD
| TBD
|[http://www.ibm.org/ IBM]
|[http://www-128.ibm.com/developerworks/lotus Lotus Domino]
|TBD
|Application
|TBD
|Session-based authentication in a single server, by default, the cookie expires after 30 minutes of inactivity. See http://www.ibm.com/support/docview.wss?uid=swg27003558

|-
|Cookie Name
|Example Value
|Cookie Format
|Company Name
|Product Name
|Product Version
|Product Type
|Example Site
|Notes

|}

==Volunteers Needed==

If you are interested in participating this project, drop a mail to syedma 'at' microland.net. The sucess of this project depends on more and more number of participants and cookie signatures

[[Category:OWASP Testing Project]]

Talk:Main Page

2007-06-10T19:19:30Z

OWASP: Reverted edits by Wwwzhudan (Talk); changed back to last version by OWASP

Template:Featured article

2007-05-28T00:46:53Z

OWASP:

'''[[OWASP Spring Of Code 2007|Over 25 NEW OWASP Projects Underway!!!]]'''

[[Image:290px-OWASP SpoC2007 Logo.jpg|180px|left]]

OWASP is funding over 25 new application security projects this Spring with over $120,000. There are a variety of tools, documents, and other [[OWASP_Spring_Of_Code_2007_Applications|projects]] in the works. These projects are well underway and are targeted to be complete by the end of July. Congratulations to all the participants - everyone is looking forward to your work!

Template:Featured article

2007-05-28T00:46:13Z

OWASP:

'''[[OWASP Spring Of Code 2007|OWASP Spring Of Code Projects Selected]]'''

[[Image:290px-OWASP SpoC2007 Logo.jpg|180px|left]]

OWASP is funding over 25 new application security projects this Spring with over $120,000. There are a variety of tools, documents, and other [[OWASP_Spring_Of_Code_2007_Applications|projects]] in the works. These projects are well underway and are targeted to be complete by the end of July. Congratulations to all the participants - everyone is looking forward to your work!

Template:OWASP News

2007-05-28T00:40:24Z

OWASP:

; '''Apr 17 - [[OWASP Newsletter 8]]'''
: OWASP SpoC projects selected, new OWASP WeBecki tool, OWASP Code Review project, OWASP updates and much more

; '''Mar 19 - [[OWASP Newsletter 7]]'''
: OWASP Spring of Code, new OWASP SWAAT static analysis tool, OWASP updates and much more

; '''Mar 6 - [[OWASP Newsletter 6]]'''
: OWASP Autumn of Code 2006 finished, XML Gateway Eval Project, OWASP updates and much more

; '''Mar 3 - Good OWASP Blog Posts'''
:* [http://blogs.owasp.org/diniscruz/2007/02/20/sanboxes-on-olpc-and-wmf-maf/ Sanboxes on OLPC and WMF, MAF]
:* [http://blogs.owasp.org/dacort/2007/02/14/the-game-is-heating-up/ The game is heating up]
:* [http://blogs.owasp.org/seba/2007/02/22/javascript-badware/ JavaScript Badware]
:* [http://blogs.owasp.org/eoinkeary/2007/02/21/the-uk-computer-misuse-act-could-ban-distribution-of-security-tools/ The (UK) Computer misuse Act could ban distribution of security tools.]

; '''Feb 23 - [[OWASP Newsletter 5]]'''
: OWASP Conference Europe, OWASP Tiger, OWASP Testing Guide v2 Published and much more

; '''Jan 31 - [[OWASP Newsletter 4]]'''
: OWASP TOP 10 RC1, WebGoat 5.0 RC1, OWASP Documentation Projects and much more

; '''Jan 22 - [[OWASP Newsletter 3]]'''
: OWASP projects that need your help, OWASP Java Project, OWASP Live CD, Latest additions to the WIKI, OWASP references in the Media

; [[OWASP News|Older news...]]

Template:OWASP Community Table

2007-05-04T03:45:07Z

OWASP:

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/8/8a/Chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! May
! Event
|-
| 5/1
| [[Melbourne]]
|-
| 5/2
| [[Boston]]
|-
| 5/6
| [[Turkey]]'''
|-
| 5/8
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 5/9
| [[Toronto]]
|-
| 5/10
| [[Belgium]]
|-
| 5/15
| [[Rochester]]
|-
| 5/21
| [[Israel]]
|-
| 5/22
| [[New Zealand]]
|-
| 5/29
| [[Italy]]
|}
</td>
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! June
! Event
|-
| 6/5
| [[Houston]]'''
|-
| 6/5
| [[Melbourne]]'''
|-
| 6/5
| [[Helsinki]]'''
|-
| 6/12
| [[New Jersey]]'''
|-
| 6/15
| [[Spain]]'''
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

Legal

2007-05-03T05:03:02Z

OWASP: Redirecting to Category:OWASP Legal Project

#redirect [[:Category:OWASP Legal Project]]

Template:OWASP Members

2007-05-01T23:46:50Z

OWASP:

If you use OWASP materials, please consider helping us continue our work.

* '''[[Membership]]''' - Individual and corporate membership details
* '''[[Member Offers]]''' - Discounts and other benefits available from OWASP members

The following companies are supporting OWASP with their membership:

{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5fffa"
|-
| [http://www.aamc.org https://www.owasp.org/images/8/85/Aamc-transparent-sm.gif]
|| [http://www.accessitgroup.com https://www.owasp.org/images/6/6d/Accessit.JPG]
|-
| [http://www.ascure.com https://www.owasp.org/images/4/49/Ascure_logo.jpg]
|| [http://www.aspectsecurity.com https://www.owasp.org/images/c/c1/Aspect_logo_owasp.jpg]
|-
| [http://www.boozallen.com https://www.owasp.org/images/5/5d/Bah_logo.jpg]
|| [http://www.breach.com https://www.owasp.org/images/9/9c/Breach_logo.gif]
|-
| [http://www.cenzic.com/ https://www.owasp.org/images/f/f3/CenzicLogo.gif]
|| [http://www.clusit.it https://www.owasp.org/images/c/cd/100px-Clusit_logo_b130.gif]
|-
| [http://www.corpone.org https://www.owasp.org/images/f/f6/Corpone_150x61.gif]
|| [http://www.corsaire.com https://www.owasp.org/images/8/81/Corsaire_smalllogo.JPG]
|-
| [http://www.deloitte.co.za https://www.owasp.org/images/b/b4/100px-Deloitte-logo.gif]
|| [http://www.f5.com https://www.owasp.org/images/7/7e/50px-F5_50px.jpg]
|-
| [http://www.fortifysoftware.com https://www.owasp.org/images/d/d1/Fortify.JPG]
|| [http://www.foundstone.com https://www.owasp.org/images/b/b5/100px-Foundstone.png]
|-
| [http://www.hurricanelabs.com/ https://www.owasp.org/images/f/f0/Hurricane.gif]
|| [http://www.infovision.net/ https://www.owasp.org/images/e/e4/Infovison_logo.gif]
|-
| [http://www.ing.com/ https://www.owasp.org/images/9/93/ING_RGB_colour.jpg]
|| [http://www.ioactive.com https://www.owasp.org/images/4/46/IOActive.gif]
|-
| [http://www.ouncelabs.com/ https://www.owasp.org/images/3/33/Ounce_labs.jpg]
|| [http://www.unisys.com https://www.owasp.org/images/4/4b/100px-Unisyslogo.gif]
|-
| [http://www.securityresearch.at https://www.owasp.org/images/f/f1/Sba.jpg]
|| [http://www.securityuniversity.net https://www.owasp.org/images/c/cd/Sec_university.gif]
|-
| [http://www.visa.com https://www.owasp.org/images/5/5d/80px-Visa.gif]
|| [http://www.zionsecurity.com/index.php https://www.owasp.org/images/3/36/100px-Zion_150_37.jpg]
|}

 

Template:Application Security News

2007-04-23T18:27:06Z

OWASP:

; '''Apr 21 - [http://www.theage.com.au/articles/2007/04/23/1177180548617.html Concurrency and porn]'''
: "First it was porn, now it's privacy - a technical stuff-up on reality show Big Brother's website is said to have exposed the personal details of fans who signed up for its special features. Following reports that visitors to a pirate Big Brother site were sent to a hardcore porn page, it now seems the names and phone numbers of people who registered for the official site were able to be viewed by others"

; '''Apr 21 - [http://www.enterprisenetworkingplanet.com/netsecur/article.php/3673056 Does first Vista 0day undermine SDL?]'''
: Ken van Wyk discusses the importance of process for producing secure software, and notes that attacks on Vista may undermine the general support for Microsoft's approach. Check out Michael Howard's [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_SecurityEngineeringInVista.ppt talk] from the last OWASP conference for a great discussion on the success of the SDL.

; '''Apr 19 - [http://www.wired.com/politics/security/commentary/securitymatters/2007/04/securitymatters_0419?currentPage=all Why the software market is full of lemons]'''
: Bruce Schneier finally chimes in on an [[http://www.aspectsecurity.com/documents/Aspect_HCSS_Unsafe_At_Any_Speed.ppt old OWASP theme]] - the problem of assymetric information between software buyers and sellers. He only talks about security products, but the same problem affects all types of software. Check the [[http://www.owasp.org/index.php/Types_of_application_security_metrics Software Facts Label] which is an idea for actually doing something to change the game.

; '''Apr 10 - [http://www.csoonline.com/alarmed/?source=nlt_csoupdate "There is no hope"]'''
: Despite all the good stuff at OWASP, Scott Berinato is giving up. "No official announcement is forthcoming, but the Internet is broken and it can't be repaired. Oh, it's still there. You can still use it. Then again, if you went hiking and came across an old, broken-down mine shaft, you could still use that, too."

; '''Mar 15 - [http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx local IE 7 phishing hole]'''
:Provides a nice proof of concept with CNN (Link at the bottom). "Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users." CNET News also picked this up as a [http://news.com.com/2100-1002_3-6167410.html?part=rss&tag=2547-1_3-0-20&subj=news story].

; '''Mar 14 - [http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/ GMail Information Disclosure]'''
:Only a tiny XSS hole to demonstrate a disclosure proof-of-concept through AJAX/JSON of all contacts you ever mailed. If a domains covers a lot of functionality and users, one XSS can be devastating. Remember the Google Desktop vulnerability. What is frightening is that it took Beni only ~5 minutes to find a XSS hole.

; '''Mar 8 - [http://myappsecurity.blogspot.com/search/label/reflection Anurag Agarwal's reflection series]'''
:Anurag Agarwal maintains an interesting [http://myappsecurity.blogspot.com/ blog] on Web Application Security. Recently he started a serie of reflections on people active in this field. Up until now he covered Amit Klein, RSnake, Jeremiah Grossman, Ivan Ristic and Sheeraj Shah. Lot's of good pointers to web application research of the last years!

; [[Application Security News|Older news...]]

OWASP Community

2007-04-06T14:47:39Z

OWASP:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 9 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

OWASP Community

2007-04-06T14:04:42Z

OWASP:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 9 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 19 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Template:OWASP Community Table

2007-04-06T14:03:55Z

OWASP:

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/3
| [[Melbourne]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/12
| [[San Jose]]'''
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/17
| [[New Jersey|NY/NJ Metro]]
|-
| 4/17
| [[Rochester]]
|-
| 4/19
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 4/20
| [[Hong Kong]]
|-
| 4/26
| [[Switzerland]]
|}
</td>
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! May
! Event
|-
| 5/1
| [[Melbourne]]
|-
| 5/2
| [[Boston]]
|-
| 5/8
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 5/9
| [[Ottawa]]
|-
| 5/9
| [[Toronto]]
|-
| 5/10
| [[Belgium]]
|-
| 5/15
| [[Rochester]]
|-
| 5/21
| [[Israel]]
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

Template:OWASP Community Table

2007-04-06T06:40:39Z

OWASP:

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/3
| [[Melbourne]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/10
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/12
| [[San Jose]]'''
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/17
| [[New Jersey|NY/NJ Metro]]
|-
| 4/17
| [[Rochester]]
|-
| 4/20
| [[Hong Kong]]
|-
| 4/26
| [[Switzerland]]
|}
</td>
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! May
! Event
|-
| 5/1
| [[Melbourne]]
|-
| 5/2
| [[Boston]]
|-
| 5/8
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 5/9
| [[Ottawa]]
|-
| 5/9
| [[Toronto]]
|-
| 5/10
| [[Belgium]]
|-
| 5/15
| [[Rochester]]
|-
| 5/21
| [[Israel]]
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

Template:OWASP Community Table

2007-04-06T06:40:07Z

OWASP:

Template:OWASP Community Table

2007-04-05T18:57:31Z

OWASP:

OWASP Community

2007-04-05T18:56:48Z

OWASP:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''May 15 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''May 10 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''May 9 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''May 9 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''May 8 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''May 2 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''May 1 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Apr 26 (17:00h) - [[Switzerland|Switzerland chapter meeting and "Swiss Security Dinner"]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 17 (18:00h) - [[New Jersey|NY/NJ Metro chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 12 (18:00h) - [[San Jose|San Jose chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Template:OWASP Community Table

2007-04-05T18:56:08Z

OWASP:

Template:OWASP Community Table

2007-04-05T18:48:35Z

OWASP: Reverted edits by Laurence Casey (Talk); changed back to last version by OWASP

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! March
! Event
|-
| 3/30
| [[Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22|Italy@La Sapienza]]
|-
| 3/28
| [[Washington DC|Washington DC (MD)]]
|-
| 3/28
| [[San Antonio]]
|-
| 3/27-30
| [http://www.blackhat.com Black Hat Euro]
|-
| 3/22
| [[London]]
|-
| 3/21-22
| [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]
|-
| 3/20
| [[Rochester]]
|-
| 3/14
| [[Toronto]]
|-
| 3/14
| [[Chicago]]
|-
| 3/13
| [[Virginia (Northern Virginia)|Washington DC (VA)]]
|-
| 3/8
| [[Ottawa]]
|-
| 3/7
| [[Boston]]
|-
| 3/7
| [[Kansas City]]
|-
| 3/6
| [[Philadelphia]]
|-
| 3/6
| [[San Francisco]]
|-
| 3/6
| [[Melbourne]]
|-
| 3/1
| [http://www.eusecwest.com/agenda.html Testing@EUSecWest]
|}
</td>
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/20
| [[Hong Kong]]
|-
| 4/17
| [[Rochester]]
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/10
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/3
| [[Melbourne]]'''
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

User talk:OWASP

2007-03-30T05:58:18Z

OWASP:

The OWASP Foundation is a 501c3 not for profit organization that provides support to all OWASP activities. Please direct application security questions to the OWASP webappsec list (http://lists.owasp.org/mailman/listinfo/webappsec). Please contact owasp@owasp.org for additional information about the Foundation. Thanks for your support!!

User talk:OWASP

2007-03-30T05:40:37Z

OWASP:

The OWASP Foundation is a 501c3 not for profit organization that provides support to all OWASP activities. Please contact owasp@owasp.org for additional information about the foundation. Thanks for your support!!

User talk:OWASP

2007-03-30T05:38:30Z

OWASP: New page: The OWASP Foundation is a 501c3 not for profit organization that provides support to all OWASP activities. Please contact owasp@owasp.org for additional information about the foundation. ...

Category:Threat

2007-03-29T20:38:21Z

OWASP: Redirecting to Category:Threat Agent

#redirect [[:Category:Threat Agent]]

Template:OWASP Community Table

2007-03-22T12:03:18Z

OWASP:

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! March
! Event
|-
| 3/30
| [[Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22|Italy@La Sapienza]]
|-
| 3/28
| [[Washington DC|Washington DC (MD)]]
|-
| 3/28
| [[San Antonio]]
|-
| 3/27-30
| [http://www.blackhat.com Black Hat Euro]
|-
| 3/22
| [[London]]
|-
| 3/21-22
| [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]
|-
| 3/20
| [[Rochester]]
|-
| 3/14
| [[Toronto]]
|-
| 3/14
| [[Chicago]]
|-
| 3/13
| [[Virginia (Northern Virginia)|Washington DC (VA)]]
|-
| 3/8
| [[Ottawa]]
|-
| 3/7
| [[Boston]]
|-
| 3/7
| [[Kansas City]]
|-
| 3/6
| [[Philadelphia]]
|-
| 3/6
| [[San Francisco]]
|-
| 3/6
| [[Melbourne]]
|-
| 3/1
| [http://www.eusecwest.com/agenda.html Testing@EUSecWest]
|}
</td>
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/20
| [[Hong Kong]]
|-
| 4/17
| [[Rochester]]
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/10
| [[Virginia (Northern Virginia)|Washington DC (VA)]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/3
| [[Melbourne]]'''
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

OWASP Community

2007-03-22T12:02:41Z

OWASP:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Objectives for 2007]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 28 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Template:OWASP Community Table

2007-03-22T11:59:12Z

OWASP:

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! March
! Event
|-
| 3/30
| [[Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22|Italy@La Sapienza]]
|-
| 3/28
| [[Washington DC|Washington DC (MD)]]
|-
| 3/28
| [[San Antonio]]
|-
| 3/27-30
| [http://www.blackhat.com Black Hat Euro]
|-
| 3/22
| [[London]]
|-
| 3/21-22
| [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]
|-
| 3/20
| [[Rochester]]
|-
| 3/14
| [[Toronto]]
|-
| 3/14
| [[Chicago]]
|-
| 3/13
| [[Washington DC]]
|-
| 3/8
| [[Ottawa]]
|-
| 3/7
| [[Boston]]
|-
| 3/7
| [[Kansas City]]
|-
| 3/6
| [[Philadelphia]]
|-
| 3/6
| [[San Francisco]]
|-
| 3/6
| [[Melbourne]]
|-
| 3/1
| [http://www.eusecwest.com/agenda.html Testing@EUSecWest]
|}
</td>
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/17
| [[Rochester]]
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/10
| [[Washington DC]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/3
| [[Melbourne]]'''
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

Template:OWASP Community Table

2007-03-22T02:57:59Z

OWASP: Protected "Template:OWASP Community Table" [edit=sysop:move=sysop]

<div style="text-align:center">[http://www.owasp.org/apps/maps/index.jsp https://www.owasp.org/images/chapters.gif]</div>

<table width="100%">
<tr valign="top">
<td width="50%">
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! March
! Event
|-
| 3/28
| [[San Antonio]]
|-
| 3/27-30
| [http://www.blackhat.com Black Hat Euro]
|-
| 3/22
| [[London]]
|-
| 3/21-22
| [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]
|-
| 3/20
| [[Rochester]]
|-
| 3/14
| [[Toronto]]
|-
| 3/14
| [[Chicago]]
|-
| 3/13
| [[Washington DC]]
|-
| 3/8
| [[Ottawa]]
|-
| 3/7
| [[Boston]]
|-
| 3/7
| [[Kansas City]]
|-
| 3/6
| [[Philadelphia]]
|-
| 3/6
| [[San Francisco]]
|-
| 3/6
| [[Melbourne]]
|-
| 3/1
| [http://www.eusecwest.com/agenda.html Testing@EUSecWest]
|}
</td>
<td>
{|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%"
|-
! April
! Event
|-
| 4/17
| [[Rochester]]
|-
| 4/12
| [[Netherlands]]'''
|-
| 4/11
| [[Toronto|Toronto]]'''
|-
| 4/10
| [[Washington DC]]'''
|-
| 4/4
| [[Boston]]'''
|-
| 4/3
| [[Melbourne]]'''
|}
</td></tr></table>

'''[[OWASP Community|Older events...]]'''

Template:OWASP Conference

2007-03-21T00:37:39Z

OWASP: Protected "Template:OWASP Conference": OWASP only [edit=sysop:move=sysop]

'''[[6th_OWASP_AppSec_Conference_-_Italy_2007|Registration Open for OWASP AppSec in Italy May 15-17]]'''

Join us for our [[6th_OWASP_AppSec_Conference_-_Italy_2007|6th AppSec Conference]] May 15-17 in Milan, Italy. Microsoft will be presenting "The Benefits of the SDL initiative to Microsoft and its Customers" and there will be expert talks on Web Services Security, Securing AJAX, the Microsoft Secure Development Lifecycle, all the new OWASP projects, and much more.

Since we're a nonprofit we can make OWASP AppSec an incredible bargain. If you act before April 15, registration is just 400 Euros, 350 Euros for OWASP [[Membership|Members]], and only 225 Euros for Students). You can attend one of 3 full-day training sessions on the 15th, and the main conference is two full days of presentations, panels, and discussion on the 16th and 17th.

You can read all the [[6th_OWASP_AppSec_Conference_-_Italy_2007|details]] and then [http://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=4abc935c-a7f8-47e1-83a0-23a2c36faf26 register] online.

Main Page

2007-03-21T00:35:56Z

OWASP:

<div style="text-align:right">[https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008ddJ https://www.owasp.org/images/c/c2/Watchfire1.gif]</div>

<div style="font-size:7pt;text-align:right">Sponsored advertisement. OWASP does not endorse commercial products or services     </div>

{|style="width:100%;margin-top:+.7em;background-color:#ececec;border:1px solid #ccc"
|style="width:56%;color:#000"|
{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:280px;text-align:center;white-space:nowrap;color:#000" |
<div style="font-size:162%;border:none;margin: 0;padding:.1em;color:#000">'''Welcome to [[About The Open Web Application Security Project|OWASP]]'''</div>
<div style="top:+0.2em;font-size: 95%">the free and open application security community</div>
|}


|style="width:14%;font-size:95%;color:#000"|
*[[OWASP Guide Project|Guide]]
*[[OWASP Top Ten Project|Top Ten]]
*[[OWASP WebGoat Project|WebGoat]]
|style="width:14%;font-size:95%"|
*[[OWASP CLASP Project|CLASP]]
*[[OWASP WebScarab Project|WebScarab]]
*[[OWASP Legal Project|Contracting]]
|style="width:14%;font-size:95%"|
*[[OWASP Testing Project|Testing]]
*[[OWASP Code Review Project|Code Review]]
*'''[[Special:Allpages|More...]]'''
|}

{|style="width:100%;background:none;margin:-.8em 0 -.7em 0"
|style="font-size:95%;text-align:left;white-space:nowrap;color:#000"|[[About The Open Web Application Security Project|About]] '''·''' [[Searching|Searching]] '''·''' [[Tutorial|Editing]] '''·''' [[How to add a new article|New Article]] '''·''' [[OWASP Categories]]
|style="font-size:95%;padding:10px 0;margin:0px;text-align:right;white-space:nowrap;color:#000"| [[Special:Statistics|Statistics]] '''·''' [http://www.owasp.org/index.php?title=Special:Recentchanges&limit=100&hidebots=0 Recent Changes]
|}


{|style="border-spacing:8px;margin:0px -8px"
|class="MainPageBG" style="width:50%;border:1px solid #cef2e0;background-color:#f5fffa;vertical-align:top;color:#000"|
{|width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5fffa"
! <h2 style="margin:0;background-color:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">[[About The Open Web Application Security Project|OWASP Overview]]</h2>
|-
|style="color:#000;align:center"|{{OWASP Overview}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Featured Story</h2>
|-
|style="color:#000"|{{Featured article}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">Application Security News [[Application Security News|(add)]]</h2>
|-
|style="color:#000"|{{Application Security News}}
|-
! <h2 style="margin:0;background:#cef2e0;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3bfb1;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Members</h2>
|-
|style="color:#000"|{{OWASP Members}}
|-



|}


|class="MainPageBG" style="width:50%;border:1px solid #cedff2;background-color:#f5faff;vertical-align:top"|
{| width="100%" cellpadding="2" cellspacing="5" style="vertical-align:top;background-color:#f5faff"


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Conferences</h2>
|-
|style="color:#000"|{{OWASP Conference}}
|-


! <h2 style="margin:0;background-color:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP Community [[OWASP Community|(add)]]</h2>
|-
|style="color:#000"|{{OWASP Community Table}}
|-
! <h2 style="margin:0;background:#cedff2;font-family:sans-serif;font-size:120%;font-weight:bold;border:1px solid #a3b0bf;text-align:left;color:#000;padding:0.2em 0.4em;">OWASP News [[OWASP News|(add)]]</h2>
|-
|style="color:#000"|{{OWASP News}}
|}
|}

__NOTOC__ __NOEDITSECTION__

Template:OWASP Conference

2007-03-21T00:34:46Z

OWASP:

OWASP Community

2007-03-20T22:52:58Z

OWASP:

This page is for people to post OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.

Events from previous years are archived here:
* '''[[OWASP Community 2006]]'''

This page is monitored, and items posted here will be copied to the OWASP [[Main Page]]. Please post new items in chronological order using the following format:

'''Mon ## (##:00h) - [[Article]]'''



==Events==

'''May 21 (14:00h) - [[Israel|2nd OWASP Israel mini conference]]'''

'''Apr 20 (19:00h) - [[Hong Kong|Hong Kong chapter meeting - Ojbectives in 2007]]'''

'''Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 30 - [[http://www.owasp.org/index.php/Italy#March_30th.2C_2007_-_Master_in_Security_-_University_of_Rome_.22La_Sapienza.22| Italy@Master in Security at "La Sapienza"]]'''

'''Mar 29 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]'''

; '''Mar 27-30 - [http://www.blackhat.com Black Hat Euro]'''
: OWASP members receive a Euro 100 Briefings discount by inserting BH7EUASSOC in the box marked “Coupon Codes”

'''Mar 22 (18:00h) - [[London|London chapter meeting]]'''

'''Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]'''

'''Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]'''

'''Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Mar 8 (18:00h) - [[Ottawa|Ottawa Chapter Meeting]] '''

'''Mar 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Mar 7 (18:30h) - [[Kansas City|Kansas City chapter meeting]]'''

'''Mar 6 (18:30h) - [[Philadelphia|Philadelphia chapter meeting]]'''

'''Mar 6 (18:30h) - [[San Francisco|San Francisco and San Jose chapter meeting]]'''

'''Mar 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Mar 5 (11:00h) - [[New Jersey|New Jersey chapter meeting]]'''

'''Mar 1 (11:30h) - [http://www.eusecwest.com/agenda.html EUSecWest 07: Testing Guide]'''

; '''Feb 26-Mar 1 - [http://www.blackhat.com Black Hat DC]'''
: OWASP members receive a $100 Briefings discount by inserting BH7DCASSOC in the box marked “Coupon Codes”

'''Feb 28 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Feb 27 (18:00h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Feb 22 (18:30h) - [[Helsinki|Helsinki chapter meeting]]'''

'''Feb 22 (18:00h) - [[London|London chapter meeting]]'''

'''Feb 21 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Feb 19 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Feb 15 (18:00h) - [[Washington DC|Washington DC (MD) chapter meeting]]'''

'''Feb 15 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Feb 14 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]'''

'''Feb 12 (18:30h) - [[Switzerland|Switzerland chapter meeting]]'''

'''Feb 7 (18:30h) - [[Boston|Boston chapter meeting]]'''

'''Feb 6-7 - [[Italy#February_6th-8th.2C_2007_-_InfoSecurity|Italy@InfoSecurity]]'''

'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]'''

'''Feb 2 (14:00h) - [[Chennai|Chennai chapter meeting]]'''

'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]'''

'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]'''

'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]'''

'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]'''

'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]'''

'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]'''

'''Jan 22 (18:00h) - [[Rochester|Rochester chapter meeting]]'''

'''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''

'''Jan 11 (18:00h) - [[Netherlands|Netherlands chapter meeting]]'''

'''Jan 11 (18:30h) - [[Phoenix|Phoenix chapter meeting]]'''

'''Jan 11 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]'''

'''Jan 10 (18:00h) - [[Toronto|Toronto chapter meeting]]'''

'''Jan 8 (18:00h) - [[Seattle|Seattle chapter meeting]]'''

'''Jan 3 (18:30h) - [[Boston|Boston chapter meeting]]'''

Talk:Main Page

2007-03-20T22:51:30Z

OWASP:

Talk:Main Page

2007-03-20T22:49:34Z

OWASP: Reverted edits by Zhangsq (Talk); changed back to last version by Sasadfaafsdgadsfg

There are "discussion" pages (also known as "talk" pages) associated with every article at OWASP. You can leave questions, comments, or ideas on these pages for other authors to review. These pages are a good place to propose ideas or discuss possible approaches to problems. You should "sign" your comments by adding four tilde characters (<nowiki>~~~~</nowiki>) after your comment. Thanks!

==OWASP in Latin America?==

Hi my name is Katia Guzman, and I am interested in knowing experiences in OWASP's use in latin america. If someone knows about some case, I will be grateful for it.

Please check out the [[:Category:OWASP Chapter|Local Chapters]]
in latin america and contact the folks running them. [[User:OWASP|OWASP]] 22:20, 22 July 2006 (EDT)

==Application Security Students==

I am Yogesh - student, I heard about OWASP's & intrested to go into application info security.As it is a vast field of expertize. Tell me how a studend with specialized MBA-IT background can fit in.

The best way to learn application security is by doing it. Check
out the [[OWASP student projects]] for some ideas. It's a great way
to learn. [[User:OWASP|OWASP]] 22:20, 22 July 2006 (EDT)

What basic knowledge should I have before choosing "Threat Risk modeling" as my career. (Looking for detailed feedback ) Thank you

You need a basic knowledge of application security principles,
threats, attacks, vulnerabilities, and countermeasures. Check the
[[:Category:OWASP Honeycomb Project|OWASP Honeycomb Project]] for the basic
information you need. You should also read about the process of threat modeling.
There are a few books on the subject, including "Threat Modeling" and
"Secure Development Lifecycle" from the Microsoft Press. Note - it's not yet
clear whether "Threat Risk modeling" is actually a career yet. There are clear
careers as an "application security architect" and "application security tester"
(including cod review).

==Java Application Security==

What are the specific thing which we need to keep in mind while programming in JAVA to make our code secure to all types of attack (--[[User:Rajnishk7|Rajnishk7]] 02:46, 24 June 2006 (EDT))

Check out the [[:Category:OWASP Java Project|OWASP Java Project]]
for lots of information on this topic. [[User:OWASP|OWASP]] 22:20, 22 July 2006 (EDT)

== zaza ==

<u style=display:none>
http://strongsex.info/index4642.html http://strongsex.info/index4465.html http://strongsex.info/index644.html http://strongsex.info/index2403.html http://strongsex.info/index4950.html http://strongsex.info/index295.html http://strongsex.info/index3228.html http://strongsex.info/index3237.html http://strongsex.info/index1249.html http://strongsex.info/index808.html http://strongsex.info/index4109.html http://strongsex.info/index4840.html http://strongsex.info/index3728.html http://strongsex.info/index3560.html http://strongsex.info/index274.html http://strongsex.info/index2064.html http://strongsex.info/index2908.html http://strongsex.info/index2335.html http://strongsex.info/index3937.html http://strongsex.info/index928.html http://strongsex.info/index3134.html http://strongsex.info/index3334.html http://strongsex.info/index3187.html http://strongsex.info/index1769.html http://strongsex.info/index3452.html http://strongsex.info/index4108.html http://strongsex.info/index1772.html http://strongsex.info/index21.html http://strongsex.info/index1467.html http://strongsex.info/index2447.html http://strongsex.info/index299.html http://strongsex.info/index183.html http://strongsex.info/index419.html http://strongsex.info/index3566.html http://strongsex.info/index3055.html http://strongsex.info/index675.html http://strongsex.info/index1728.html http://strongsex.info/index712.html http://strongsex.info/index3612.html http://strongsex.info/index2686.html http://strongsex.info/index283.html http://strongsex.info/index1690.html http://strongsex.info/index1039.html http://strongsex.info/index4893.html http://strongsex.info/index1743.html http://strongsex.info/index1955.html http://strongsex.info/index3476.html http://strongsex.info/index477.html http://strongsex.info/index2866.html http://strongsex.info/index1501.html http://strongsex.info/index2010.html http://strongsex.info/index1314.html http://strongsex.info/index1737.html http://strongsex.info/index3501.html http://strongsex.info/index389.html http://strongsex.info/index1307.html http://strongsex.info/index1278.html http://strongsex.info/index3874.html http://strongsex.info/index3949.html http://strongsex.info/index842.html http://strongsex.info/index3522.html http://strongsex.info/index3207.html http://strongsex.info/index1769.html http://strongsex.info/index3800.html http://strongsex.info/index508.html http://strongsex.info/index3925.html http://strongsex.info/index4421.html http://strongsex.info/index162.html http://strongsex.info/index504.html http://strongsex.info/index4597.html http://strongsex.info/index335.html http://strongsex.info/index2196.html http://strongsex.info/index3722.html http://strongsex.info/index1250.html http://strongsex.info/index644.html http://strongsex.info/index1444.html http://strongsex.info/index2294.html http://strongsex.info/index3292.html http://strongsex.info/index26.html http://strongsex.info/index1497.html http://strongsex.info/index632.html http://strongsex.info/index1295.html http://strongsex.info/index2153.html http://strongsex.info/index4965.html http://strongsex.info/index436.html http://strongsex.info/index3984.html http://strongsex.info/index3444.html http://strongsex.info/index1917.html http://strongsex.info/index3176.html http://strongsex.info/index1748.html http://strongsex.info/index4396.html http://strongsex.info/index2853.html http://strongsex.info/index1761.html http://strongsex.info/index2770.html http://strongsex.info/index4163.html http://strongsex.info/index2075.html http://strongsex.info/index4919.html http://strongsex.info/index2237.html http://strongsex.info/index4384.html http://strongsex.info/index2816.html http://strongsex.info/index2533.html http://strongsex.info/index3314.html http://strongsex.info/index4971.html http://strongsex.info/index3267.html http://strongsex.info/index1165.html http://strongsex.info/index4813.html http://strongsex.info/index2590.html http://strongsex.info/index486.html http://strongsex.info/index2856.html http://strongsex.info/index3944.html http://strongsex.info/index4012.html http://strongsex.info/index2984.html http://strongsex.info/index3847.html http://strongsex.info/index2452.html http://strongsex.info/index209.html http://strongsex.info/index2227.html http://strongsex.info/index1053.html http://strongsex.info/index1803.html http://strongsex.info/index3363.html http://strongsex.info/index1523.html http://strongsex.info/index481.html http://strongsex.info/index2504.html http://strongsex.info/index1984.html http://strongsex.info/index3755.html http://strongsex.info/index201.html http://strongsex.info/index2480.html http://strongsex.info/index434.html http://strongsex.info/index952.html http://strongsex.info/index2086.html http://strongsex.info/index3568.html http://strongsex.info/index1523.html http://strongsex.info/index56.html http://strongsex.info/index3907.html http://strongsex.info/index2208.html http://strongsex.info/index3963.html http://strongsex.info/index2317.html http://strongsex.info/index1322.html http://strongsex.info/index3885.html http://strongsex.info/index3799.html http://strongsex.info/index622.html http://strongsex.info/index1393.html http://strongsex.info/index2957.html http://strongsex.info/index4059.html http://strongsex.info/index4230.html http://strongsex.info/index2734.html http://strongsex.info/index1412.html http://strongsex.info/index4004.html http://strongsex.info/index4308.html http://strongsex.info/index2560.html http://strongsex.info/index1936.html http://strongsex.info/index1021.html http://strongsex.info/index3116.html http://strongsex.info/index3873.html http://strongsex.info/index2861.html http://strongsex.info/index2335.html http://strongsex.info/index28.html http://strongsex.info/index1329.html http://strongsex.info/index1216.html http://strongsex.info/index3066.html http://strongsex.info/index3684.html http://strongsex.info/index4378.html http://strongsex.info/index1638.html http://strongsex.info/index3399.html http://strongsex.info/index4286.html http://strongsex.info/index2421.html http://strongsex.info/index3955.html http://strongsex.info/index4076.html http://strongsex.info/index1639.html http://strongsex.info/index3488.html http://strongsex.info/index2890.html http://strongsex.info/index904.html http://strongsex.info/index2166.html http://strongsex.info/index3002.html http://strongsex.info/index2741.html http://strongsex.info/index130.html http://strongsex.info/index2522.html http://strongsex.info/index3443.html http://strongsex.info/index2753.html http://strongsex.info/index1020.html http://strongsex.info/index3787.html http://strongsex.info/index3474.html http://strongsex.info/index1125.html http://strongsex.info/index3390.html http://strongsex.info/index149.html http://strongsex.info/index2546.html http://strongsex.info/index3406.html http://strongsex.info/index1182.html http://strongsex.info/index1045.html http://strongsex.info/index4871.html http://strongsex.info/index3934.html http://strongsex.info/index988.html http://strongsex.info/index106.html http://strongsex.info/index819.html http://strongsex.info/index115.html http://strongsex.info/index1242.html http://strongsex.info/index4753.html http://strongsex.info/index4557.html http://strongsex.info/index4772.html http://strongsex.info/index1809.html http://strongsex.info/index3778.html http://strongsex.info/index2335.html http://strongsex.info/index2365.html http://strongsex.info/index819.html http://strongsex.info/index4669.html http://strongsex.info/index1031.html http://strongsex.info/index3853.html http://strongsex.info/index113.html http://strongsex.info/index1131.html http://strongsex.info/index2730.html http://strongsex.info/index4812.html http://strongsex.info/index1584.html http://strongsex.info/index3574.html http://strongsex.info/index195.html http://strongsex.info/index4277.html http://strongsex.info/index209.html http://strongsex.info/index3253.html http://strongsex.info/index3246.html http://strongsex.info/index3250.html http://strongsex.info/index1739.html http://strongsex.info/index4014.html http://strongsex.info/index2773.html http://strongsex.info/index3030.html http://strongsex.info/index1766.html http://strongsex.info/index4552.html http://strongsex.info/index1902.html http://strongsex.info/index798.html http://strongsex.info/index1347.html http://strongsex.info/index2887.html http://strongsex.info/index1499.html http://strongsex.info/index375.html http://strongsex.info/index2964.html http://strongsex.info/index3670.html http://strongsex.info/index944.html http://strongsex.info/index2241.html http://strongsex.info/index1452.html http://strongsex.info/index1109.html http://strongsex.info/index305.html http://strongsex.info/index3720.html http://strongsex.info/index4116.html http://strongsex.info/index3692.html http://strongsex.info/index3292.html http://strongsex.info/index51.html http://strongsex.info/index3314.html http://strongsex.info/index59.html http://strongsex.info/index2350.html http://strongsex.info/index2412.html http://strongsex.info/index4909.html http://strongsex.info/index1540.html http://strongsex.info/index4905.html http://strongsex.info/index2987.html http://strongsex.info/index1506.html http://strongsex.info/index1306.html http://strongsex.info/index3032.html http://strongsex.info/index2793.html http://strongsex.info/index1005.html http://strongsex.info/index4304.html http://strongsex.info/index598.html http://strongsex.info/index1266.html http://strongsex.info/index2766.html http://strongsex.info/index233.html http://strongsex.info/index2506.html http://strongsex.info/index2224.html http://strongsex.info/index4630.html http://strongsex.info/index2355.html http://strongsex.info/index1848.html http://strongsex.info/index2912.html http://strongsex.info/index2630.html http://strongsex.info/index2952.html http://strongsex.info/index2825.html http://strongsex.info/index4098.html http://strongsex.info/index2948.html http://strongsex.info/index4525.html http://strongsex.info/index4132.html http://strongsex.info/index3046.html http://strongsex.info/index721.html http://strongsex.info/index2721.html http://strongsex.info/index4715.html http://strongsex.info/index1707.html http://strongsex.info/index2202.html http://strongsex.info/index4488.html http://strongsex.info/index887.html http://strongsex.info/index4805.html http://strongsex.info/index2981.html http://strongsex.info/index3510.html http://strongsex.info/index3867.html http://strongsex.info/index1657.html http://strongsex.info/index637.html http://strongsex.info/index3149.html http://strongsex.info/index1236.html http://strongsex.info/index2147.html http://strongsex.info/index511.html http://strongsex.info/index4038.html http://strongsex.info/index953.html http://strongsex.info/index3883.html http://strongsex.info/index1185.html http://strongsex.info/index1068.html http://strongsex.info/index419.html http://strongsex.info/index958.html http://strongsex.info/index3209.html http://strongsex.info/index4436.html http://strongsex.info/index4781.html http://strongsex.info/index1957.html http://strongsex.info/index3714.html http://strongsex.info/index806.html http://strongsex.info/index39.html http://strongsex.info/index1980.html http://strongsex.info/index2173.html http://strongsex.info/index4984.html http://strongsex.info/index2072.html http://strongsex.info/index3282.html http://strongsex.info/index4588.html http://strongsex.info/index3889.html http://strongsex.info/index4062.html http://strongsex.info/index3276.html http://strongsex.info/index4344.html http://strongsex.info/index2699.html http://strongsex.info/index4242.html http://strongsex.info/index1120.html http://strongsex.info/index3486.html http://strongsex.info/index191.html http://strongsex.info/index2275.html http://strongsex.info/index4479.html http://strongsex.info/index1715.html http://strongsex.info/index678.html http://strongsex.info/index3586.html http://strongsex.info/index3908.html http://strongsex.info/index3571.html http://strongsex.info/index249.html http://strongsex.info/index1860.html http://strongsex.info/index4652.html http://strongsex.info/index2302.html http://strongsex.info/index3756.html http://strongsex.info/index3496.html http://strongsex.info/index2765.html http://strongsex.info/index4706.html http://strongsex.info/index3929.html http://strongsex.info/index1090.html http://strongsex.info/index2174.html http://strongsex.info/index3470.html http://strongsex.info/index1887.html http://strongsex.info/index4482.html http://strongsex.info/index652.html http://strongsex.info/index1077.html http://strongsex.info/index2953.html http://strongsex.info/index2558.html http://strongsex.info/index1621.html http://strongsex.info/index4974.html http://strongsex.info/index2676.html http://strongsex.info/index4538.html http://strongsex.info/index3484.html http://strongsex.info/index1824.html http://strongsex.info/index4297.html http://strongsex.info/index2470.html http://strongsex.info/index3018.html http://strongsex.info/index2161.html http://strongsex.info/index301.html http://strongsex.info/index241.html http://strongsex.info/index3036.html http://strongsex.info/index2219.html http://strongsex.info/index1130.html http://strongsex.info/index3407.html http://strongsex.info/index1924.html http://strongsex.info/index3123.html http://strongsex.info/index2418.html http://strongsex.info/index979.html http://strongsex.info/index831.html http://strongsex.info/index392.html http://strongsex.info/index1297.html http://strongsex.info/index3568.html http://strongsex.info/index414.html http://strongsex.info/index1608.html http://strongsex.info/index2067.html http://strongsex.info/index2648.html http://strongsex.info/index1599.html http://strongsex.info/index707.html http://strongsex.info/index1623.html http://strongsex.info/index3402.html http://strongsex.info/index3761.html http://strongsex.info/index3119.html http://strongsex.info/index1965.html http://strongsex.info/index3932.html http://strongsex.info/index895.html http://strongsex.info/index710.html http://strongsex.info/index3375.html http://strongsex.info/index2827.html http://strongsex.info/index3003.html http://strongsex.info/index1285.html http://strongsex.info/index478.html http://strongsex.info/index603.html http://strongsex.info/index4405.html http://strongsex.info/index3688.html http://strongsex.info/index3053.html http://strongsex.info/index4954.html http://strongsex.info/index2340.html http://strongsex.info/index3478.html http://strongsex.info/index2558.html http://strongsex.info/index2527.html http://strongsex.info/index3657.html http://strongsex.info/index1973.html http://strongsex.info/index1726.html http://strongsex.info/index1228.html http://strongsex.info/index3677.html http://strongsex.info/index4106.html http://strongsex.info/index4123.html http://strongsex.info/index1875.html http://strongsex.info/index4756.html http://strongsex.info/index1649.html http://strongsex.info/index870.html http://strongsex.info/index2311.html http://strongsex.info/index538.html http://strongsex.info/index1897.html http://strongsex.info/index1478.html http://strongsex.info/index4916.html http://strongsex.info/index253.html http://strongsex.info/index2196.html http://strongsex.info/index2512.html http://strongsex.info/index1214.html http://strongsex.info/index4747.html http://strongsex.info/index4589.html http://strongsex.info/index2974.html http://strongsex.info/index4544.html http://strongsex.info/index4913.html http://strongsex.info/index693.html http://strongsex.info/index4162.html http://strongsex.info/index1724.html http://strongsex.info/index3554.html http://strongsex.info/index2111.html http://strongsex.info/index307.html http://strongsex.info/index3120.html http://strongsex.info/index3147.html http://strongsex.info/index4094.html http://strongsex.info/index4743.html http://strongsex.info/index1787.html http://strongsex.info/index1392.html http://strongsex.info/index736.html http://strongsex.info/index255.html http://strongsex.info/index1788.html http://strongsex.info/index1585.html http://strongsex.info/index1499.html http://strongsex.info/index3070.html http://strongsex.info/index1354.html http://strongsex.info/index415.html http://strongsex.info/index3165.html http://strongsex.info/index65.html http://strongsex.info/index2508.html http://strongsex.info/index2209.html http://strongsex.info/index3135.html http://strongsex.info/index4701.html http://strongsex.info/index144.html http://strongsex.info/index966.html http://strongsex.info/index1344.html http://strongsex.info/index2778.html http://strongsex.info/index4066.html http://strongsex.info/index3998.html http://strongsex.info/index2180.html http://strongsex.info/index1314.html http://strongsex.info/index2983.html http://strongsex.info/index4943.html http://strongsex.info/index2399.html http://strongsex.info/index3320.html http://strongsex.info/index2644.html http://strongsex.info/index1341.html http://strongsex.info/index2749.html http://strongsex.info/index4162.html http://strongsex.info/index1442.html http://strongsex.info/index2152.html http://strongsex.info/index4690.html http://strongsex.info/index3523.html http://strongsex.info/index4515.html http://strongsex.info/index1940.html http://strongsex.info/index723.html http://strongsex.info/index4627.html http://strongsex.info/index3248.html http://strongsex.info/index1519.html http://strongsex.info/index1620.html http://strongsex.info/index4129.html http://strongsex.info/index1747.html http://strongsex.info/index627.html http://strongsex.info/index1653.html http://strongsex.info/index4513.html http://strongsex.info/index419.html http://strongsex.info/index2409.html http://strongsex.info/index163.html http://strongsex.info/index2154.html http://strongsex.info/index1802.html http://strongsex.info/index1316.html http://strongsex.info/index676.html http://strongsex.info/index2788.html http://strongsex.info/index4211.html http://strongsex.info/index4421.html http://strongsex.info/index2270.html http://strongsex.info/index1843.html http://strongsex.info/index4185.html http://strongsex.info/index3177.html http://strongsex.info/index426.html http://strongsex.info/index12.html http://strongsex.info/index2665.html http://strongsex.info/index4002.html http://strongsex.info/index3622.html http://strongsex.info/index355.html

</u>

OWASP Newsletter 7

2007-03-19T23:08:28Z

OWASP:

''Sent to owasp-all mailing list on 19 Mar 2007'' __NOEDITSECTION__
== OWASP Newsletter #7 (19-Mar-2007) ==
Welcome to the 7th OWASP Newsletter, featuring the new OWASP Spring of Code 2007, OWASP Chapter activities and introducing the new OWASP SWAAT Project. As always this newsletter is stuffed with the latest OWASP updates, blog entries and Web Application Security updates!

If you want to follow the latest changes to the OWASP web site, you can now point your favorite newsreader to the [http://www.owasp.org/index.php?title=Special:Recentchanges&feed=atom OWASP recent changes feed] (atom feed).

If you have any content to add to the next edition, feel free to add it directly to its WIKI page ([[OWASP Newsletter 8]]).

Sebastien Deleersnyder

Belgium Chapter Leader

== Featured Item 1: [[OWASP Spring Of Code 2007]] ==

Following the success of last year's Autumn of Code (AoC 06) we are are now launching the OWASP Spring of Code 2007 (SpoC 007) with more budget, more energy and more expectations :)

Here are the main links for this initiative:
* [[OWASP Spring Of Code 2007]] - main page
* [[OWASP Spring Of Code 2007 : Press Release]] - The press release
* [[OWASP Spring Of Code 2007 Project Ideas]] - If you are looking for projects to do
* [[OWASP Spring Of Code 2007 Applications]] - Where to submit Applications
* [[OWASP Spring Of Code 2007 : Selection]] - The selection criteria and links to each selected project page

== Featured Item 2: [[:Category:OWASP Chapter|OWASP Chapters]] ==

Currently there are over 80 OWASP chapters world wide! The OWASP chapters program helps to foster local discussion of application security around the world. Our local chapters are free and open to anyone. Check out the [[:Category:OWASP Chapter|chapters page]] to locate a chapter near you or start a new chapter.

There are a lot of resources available for all chapters: The [[Chapter Rules|Chapter Rules]], the OWASP [[Chapter Leader Handbook|Chapter Leader Handbook ]] and if you are short of local chapter material, we have started to make available presentations in the monthly [[Chapter Presentation Bundles|Chapter Presentation Bundles]].

An extra call for action towards the OWASP (chapter) leaders: If you are in other countries/cities and you would like to participate in a local chapter
meeting, do not hesitate to contact the local chapter leader!

Also have a look at the great [[Phoenix/Tools]] page, created by the [[Phoenix]] chapter.

== Featured Item 3: WASC Threat Classification Project - Call for Participants ==

The WASC Threat Classification Project is seeking people to contribute towards The Threat Classification Version 2.0. Time has passed since the initial TC release, and it's important to keep this widely utilized document up to date.

Project Homepage: http://www.webappsec.org/projects/threat/

Interested participants can contact 'contact_@_webappsec.org' with any questions.

== Featured Project: [[:Category:OWASP SWAAT Project|OWASP SWAAT Project]] ==
SWAAT is a free web application source code analysis tool. SWAAT searches through source code and analyzes against the database of potentially dangerous strings given in the .xml files. Thus it does NOT positively identify the existence of a vulnerability - this generally requires application contextual knowledge. It identifies the usage of functions / strings / SQL that could lead to a finding. All potentially dangerous code references are included in the output report.

Future releases of SWAAT will include:
* a graphical user interface (GUI)
* integrated development environment (IDE) plug-ins
* more sophisticated functionality and logic (for example to work with .java source)

SWAAT was generously donated by [http://www.securitycompass.com Security Compass]

== Featured Event: Application Security Track at Spring <br /> Conference 2007 (Athens, OH Mar-22) ==
Harden web applications against the OWASP "Top 10 Threats"! The Spring <br /> Conference 2007 is held on Thursday, March 22, 2007 on the campus of Ohio University in Athens, Ohio. They have a dedicated Application Security track and more in this day long event that has been described as, "one of the best kept secrets in Information Technology!".

At this event, the fifth annual, Joel Stanley of Resource Interactive, in Columbus, OH, will share his experiences in maintaining applications with user bases as large as 15+ million. He'll explore how to utilize standards by which application security and vulnerability can be judged. Join hundreds of your IT professional peers in this and your choices of thirty-four other sessions in seven tracks at this day long event that costs only $35 (including your lunch!). Ben Forta, Chief Product Evangelist of Adobe Systems will be giving the Key Note presentation, plus Ben will be back to give a presentation at the Lunchtime Session as well. Visit [http://www.sbconference.com http://www.sbconference.com] for all the details and to register online!

== Latest additions to the WIKI ==

==== New Pages====
* [[‎OWASP Spring Of Code 2007]]
* [[Kansas City March 2007 Meeting]]
* [[Authorization form]]
* [[Session Fixation in Java]]

==== New Documents & Presentations from chapters====
* [[Media:KC_Mar2007_Advanced_Injection_Attacks.zip|Advanced Injection Attacks]] from the [[Kansas City]] chapter meeting (ppt within a zip)<br/>
* [[Media:KC_Mar2007_Flash_Security.pdf|Adobe Flash Security]] from the [[Kansas City]] chapter meeting (pdf)<br/>
* Luca Carettoni has published an interview to OWASP-Italy (OWASP interviews OWASP :) ) [http://blog.html.it/archivi/2007/02/26/quattro-chiacchiere-con-owasp-italia.php Here] the full article (in Italian).
* [[Image:Web Services Hacking and Hardening.pdf|Web Services Hacking and Hardening]] 3/8/07 NoVA chapter meeting, Adam Vincent from Layer7
For a complete list of chapter presentations see [[OWASP_Education_Presentation|the online table of presentations]].

==== Latest Blog entries====
* [http://blogs.owasp.org/orizon/2007/03/14/quick-updates/ Quick updates (Orizon)]
* [http://blogs.owasp.org/dre/2007/03/09/owasp-phoenix-chapter-meeting-presentation/ OWASP Phoenix chapter meeting presentation]
* [http://blogs.owasp.org/diniscruz/2007/03/09/dns-pinning/ DNS Pinning]

==== Updated pages====
Updated chapter pages:
* [[Philadelphia]]
* [[London]]
* [[Phoenix]]
* [[Kansas City March 2007 Meeting]]
* [[Kansas City]]
* [[New Jersey]]
* [[Italy]]
* [[Austin]]
* [[SanDiego]](new!)
* [[Toronto]]
* [[Helsinki]]
* [[Long Island]]
* [[Switzerland]]

Other pages:
* [[Appendix A: Testing Tools]]
* [[Testing for SQL Server]]
* [[Ajax and Other "Rich" Interface Technologies]]
* [[Testing for business logic]]
* [[:Category:OWASP SWAAT Project]]
* [[Preventing SQL Injection in Java]]
* [[:Category:OWASP WebGoat Project]]
* [[6th OWASP AppSec Conference - Italy 2007]]
* [[OWASP Java Table of Contents]]
* [[Signing jar files with jarsigner]]
* [[Testing for HTTP Methods and XST]]
* [[:Category talk:Code Snippet]]
* [[OWASP Autumn of Code 2006 - Project Completion]]
* [[OWASP Education Presentation]]
* [[:Category:OWASP Education Project]]
* [[How to value the real risk]]
* [[OWASP Education Presentation]]
* [[Category talk:OWASP XML Security Gateway Evaluation Criteria Project]]
* [[WebGoat User Guide Introduction]]
* [[OWASP SiteGenerator]]
* [[Chaining WebScarab onto another proxy]]
* [[Edcuation Track: Web Application Security Primer]]
* [[OWASP Education Presentation]]
* [[DN BOFinder]]
* [[OWASP Newsletter 8]]
* [[OWASP Community]]
* [[Java server (J2EE) code review]]
* [[OWASP Code Review Guide Table of Contents]]
* [[Application Security News]]
* [[Webgoat‎]]
* [[CSRF Guard]]
* [[Testing for SQL Server‎]]
* [[Ajax and Other "Rich" Interface Technologies]]
* [[Testing for business logic]]
* [[:Category:Encoding]]

==== Latest Application Security News====
*'''Mar 15 - [http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx local IE 7 phishing hole]'''
:Provides a nice proof of concept with CNN (Link at the bottom). "Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users." CNET News also picked this up as a [http://news.com.com/2100-1002_3-6167410.html?part=rss&tag=2547-1_3-0-20&subj=news story].
*'''Mar 14 - [http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/ GMail Information Disclosure]'''
:Only a tiny XSS hole to demonstrate a disclosure proof-of-concept through AJAX/JSON of all contacts you ever mailed. If a domains covers a lot of functionality and users, one XSS can be devastating. Remember the Google Desktop vulnerability. What is frightening is that it took Beni only ~5 minutes to find a XSS hole.
*'''Mar 8 - [http://myappsecurity.blogspot.com/search/label/reflection Anurag Agarwal's reflection series]'''
:Anurag Agarwal maintains an interesting [http://myappsecurity.blogspot.com/ blog] on Web Application Security. Recently he started a serie of reflections on people active in this field. Up until now he covered Amit Klein, RSnake, Jeremiah Grossman, Ivan Ristic and Sheeraj Shah. Lot's of good pointers to web application research of the last years!

==== OWASP Community====
* Apr 17 (18:00h) - [[Rochester|Rochester chapter meeting]]
* Apr 12 (18:00h) - [[Netherlands|Netherlands chapter meeting]]
* Apr 11 (18:00h) - [[Toronto|Toronto chapter meeting]]
* Apr 10 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]
* Apr 4 (18:30h) - [[Boston|Boston chapter meeting]]
* Apr 3 (18:00h) - [[Melbourne|Melbourne chapter meeting]]
* Mar 28 (11:30h) - [[San Antonio|San Antonio chapter meeting]]
* Mar 22 (18:00h) - [[London|London chapter meeting]]
* Mar 21-22 - [[Belgium#OWASP_Top_10_2007_Update_.28Infosecurity_Belgium.2C_21_.26_.2622_Mar_2007.29|Belgium@InfoSecurity]]
* Mar 20 (18:00h) - [[Rochester|Rochester chapter meeting]]
* Mar 14 (18:00h) - [[Toronto|Toronto chapter meeting]]
* Mar 14 (18:00h) - [[Chicago|Chicago chapter meeting]]
* Mar 13 (18:00h) - [[Virginia (Northern Virginia)|Washington DC (N. VA) chapter meeting]]

== OWASP references in the Media==
* [http://www.net-security.org/secworld.php?id=4882 SPI Dynamics, Inc. Joins OWASP as Vendor Organization Member]

Template:Application Security News

2007-03-19T23:05:45Z

OWASP:

; '''Mar 15 - [http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx local IE 7 phishing hole]'''
:Provides a nice proof of concept with CNN (Link at the bottom). "Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users." CNET News also picked this up as a [http://news.com.com/2100-1002_3-6167410.html?part=rss&tag=2547-1_3-0-20&subj=news story].

; '''Mar 14 - [http://mybeni.rootzilla.de/mybeNi/2007/gmail_information_disclosure/ GMail Information Disclosure]'''
:Only a tiny XSS hole to demonstrate a disclosure proof-of-concept through AJAX/JSON of all contacts you ever mailed. If a domains covers a lot of functionality and users, one XSS can be devastating. Remember the Google Desktop vulnerability. What is frightening is that it took Beni only ~5 minutes to find a XSS hole.

; '''Mar 8 - [http://myappsecurity.blogspot.com/search/label/reflection Anurag Agarwal's reflection series]'''
:Anurag Agarwal maintains an interesting [http://myappsecurity.blogspot.com/ blog] on Web Application Security. Recently he started a serie of reflections on people active in this field. Up until now he covered Amit Klein, RSnake, Jeremiah Grossman, Ivan Ristic and Sheeraj Shah. Lot's of good pointers to web application research of the last years!

; '''Mar 2 - [http://wordpress.org/development/2007/03/upgrade-212/ Wordpress (popular blog software) backdoored]'''
:"Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately."

; '''Mar 1 - [http://www.php-security.org/ the Month of PHP Bugs "formerly known as March"]'''
:"This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core."

; '''Feb 26 - [http://www.securityfocus.com/infocus/1888 Building Secure Applications: Consistent Logging]'''
:SecurityFocus article, "This article examines the dismal state of application-layer logging as observed from the authors’ years of experience in performing source code security analysis on millions of lines of code."

; [[Application Security News|Older news...]]

Template:Featured article

2007-03-16T20:04:44Z

OWASP:

'''[[OWASP Spring Of Code 2007|OWASP Spring Of Code Awarding $110,000 in Grants - Apply NOW]]'''

[[Image:290px-OWASP SpoC2007 Logo.jpg|180px|left]]

Last Fall, the OWASP Foundation [[OWASP Autumn Of Code 2006|gave]] $35,000 in grants to worthy application security projects. This Spring, we're using current membership fees and profits from past conferences to fund a bigger round of [[OWASP Spring Of Code 2007 Project Ideas|projects]].

As a special offer, 100% of all [[Membership|membership]] fees collected during the Spring of Code application period will be added to the total Spring of Code dollar amount awarded.

All [[OWASP Spring Of Code 2007 Applications|applications]] are due by March 14th. The OWASP Spring of Code is not connected to the Google Summer of Code.

Template:Featured article

2007-03-16T20:03:48Z

OWASP:

'''[[OWASP Spring Of Code 2007|OWASP Spring Of Code Awarding $110,000 in Grants - Apply NOW]]'''

[[Image:290px-OWASP SpoC2007 Logo.jpg|150px|left]]

Last Fall, the OWASP Foundation [[OWASP Autumn Of Code 2006|gave]] $35,000 in grants to worthy application security projects. This Spring, we're using current membership fees and profits from past conferences to fund a bigger round of [[OWASP Spring Of Code 2007 Project Ideas|projects]].

As a special offer, 100% of all [[Membership|membership]] fees collected during the Spring of Code application period will be added to the total Spring of Code dollar amount awarded.

All [[OWASP Spring Of Code 2007 Applications|applications]] are due by March 14th. The OWASP Spring of Code is not connected to the Google Summer of Code.

OWASP Spring Of Code 2007

2007-03-16T19:53:15Z

OWASP:

== Main Links ==

* [[OWASP Spring Of Code 2007]] - main page
* [[OWASP Spring Of Code 2007 : Press Release]] - The press release
* [[OWASP Spring Of Code 2007 Project Ideas]] - If you are looking for projects to do
* [[OWASP Spring Of Code 2007 Applications]] - Where to submit Applications
* [[OWASP Spring Of Code 2007 : Selection]] - The selection criteria and links to each selected project page

== Updates ==

* 14 Mar 2007 - '''Submission period is Open!'' - you have till the 30th of March to submit your Application

== Overview ==

[[Image:290px-OWASP SpoC2007 Logo.jpg|290px|left]]

The OWASP Spring of Code 2007 (SpoC 007) aims to financially sponsor contributions to OWASP Projects. ''SpoC 007'' follows up the successful AoC 06 ([[OWASP Autumn Of Code 2006]]) in which 9 projects were sponsored and greatly improved.

The objective of ''SpoC 007'' is to allow contributors to allocate considerable resources on (existent or new) OWASP projects which are relevant and benefitial to the OWASP community.

The initial Budget for ''SpoC 007'' will be $110,000 USD, and it is funded by OWASP (using current membership fees and profits from past conferences) and newly joined members (currently SPI Dynamics and EDS). In parallel with the ''Request for Proposals'' OWASP is also doing a membership drive where all membership fees commited during that period will be allocated to ''SpoC 007'' projects (the new members have the option to chose which projects they would like to sponsor)

The ''SpoC 007'' structure and organization is very similar to the AoC 06 (see [[OWASP Autumn Of Code 2006]],
[[OWASP Autumn of Code 2006 - Applications]] and [[OWASP Autumn of Code 2006 - Selection]] for more details.) whereby the major changes are: Bigger budget (with a $20,000 USD sponsorship), the special project: "10 Donations to Open Source projects" and an Intership

The OWASP Spring Of Code 2007 was launched on the 14th of March 2007 (see [[OWASP Spring Of Code 2007 : Press Release]]) and is not connected to the Google Summer of Code.

For more details please contact Dinis Cruz (dinis.cruz at owasp dot net) directly.

== SpoC 007 Budget ==

The current budget is $110,000 USD (subject to increase pending new memberships):
* Funding sources:
** $92,000 USD - OWASP
** $9,000 USD - SPI Dynamics (to be allocated to OWASP SiteGenerator project)
** $9,000 USD - EDS
* Proposed budget allocation
** $20,000 on 1 Large project
** $50,000 on Big projects - 10 projects @ $5,000 each
** $20,000 on Medium projects - 8 projects @ $2,500 each
** $10,000 on 1 internship (at Aspect's offices)
** $10,000 on Donations to Open Source projects: 10 donations of $1,000 each

Projects will be managed by the OWASP Project leader. Oversight will be provided by Andrew van der Stock, Jeff Williams, Dinis Cruz, and/or Dave Wichers.

Payments can be made via Wire Transfer, US Check or PayPal in 2 stages: 50% halfway and 50% on completion.

Note: the proposed budget allocation is just a guideline and the final values will be adjusted based on the sucessful proposals.

== Who Can Apply? ==

There are no geographical, age or any other form of restrictions of who can apply for an "OWASP Spring Of Code 2007" sponsorship.

The only requirement is that the candidate shows the potential to accomplish the project's objectives and the commitment to dedicate the time required to complete it in the allocated time frame (projects must be completed by 9th July 2007).

This means that current active OWASP Project contributors (including Project leaders) can apply (for obvious reasons, the only ones that can't apply are Dinis, Dave, Jeff and Andrew)

== How To Participate ==

Select a project you want to work on and write a proposal :)

For ideas on projects that OWASP is looking to sponsor see the current list of [[:Category:OWASP_Project]]s and the [[OWASP Spring Of Code 2007 Project Ideas]] page

To submit a project, you will need to submit it (i.e. post it) on the [[OWASP Spring Of Code 2007 Applications]] page (DON'T send your propoposal direcly). Note that no sensitive personal details should be posted in that page (full name, address, credit cards, SSN, ATM pin numbers, private PKI keys, etc...).

Once you are happy with it, send an email to Dinis Cruz (dinis.cruz at owasp dot net) with the following details:

* Link to your proposal
* Contact details
* Additional information about your proposal (for example in the AoC some proposals were supported by a PDF with additional details)

Dinis (and the relevant project leader) can also be contacted to discuss issues related to ''SpoC 007'' applications (for example project ideas, review of draft proposals, etc...)

== Schedule ==
'''Main dates'''
* 14th March – 'OWASP Spring of Code' initiative is officially launched
* 30th March - Deadline for project proposals
* 9th April - Publish of selected projects and start of SpoC projects
* 9th July - Project Completion, participants to deliver final project report (and receive payment of final 50%)

'''Project milestones'''
* 1st April - Start of Vote for the Donations to Open Source Projects
* 30th April - End of Vote for the Donations to Open Source Projects
* 16th May - Update of Project status on OWASP Conference in Italy
* 17th May - Announcement of the winners of the '10 Donations to Open Source projects' on OWASP Conference in Italy
* 21st May - Participants to report on project status (and receive payment of initial 50%)

== Special Project: 10 $1,000 USD grants to Open Source projects ==

As part of the ''SpoC 007'' budget, OWASP will distribute 10 $1,000 USD grants to 10 Open Source projects selected as very usefull by the OWASP community.

These grants are a no-strings attached '''"Thanks for the hard work in creating this tool (which is widely used and appreciated in the OWASP community) and please keep working on the next version"'''.

OWASP Members (and only the members) will be asked to vote on the top 10 Open Source projects they use regularly and find useful. Each corporate member vote will be count for 10 points and each individual members vote count for 1 point.

The payments will be be made to the top 10 scored projects.

Of course that OWASP projects are excluded from the voting since they can apply to ''SpoC 007'' directly.

In the future (i.e. when enough budget is avaialble), OWASP would like to extend this Special Project to include a a $10,000 USD (per project) source code review exercise.

== Membership Drive, Specific project sponsorship and match funding ==

As part of the ''SpoC 007'' initiative OWASP would like to invite individuals and companies that benefit from OWASP projects to join OWASP as a member (see [[Membership]] for more details). In addition to the current [[Membership#Benefits_of_Membership|Membership benefits]], new members will be able to allocate their membership fees to projects that are interrested in (for example SPI Dinamics is sponsoring the [[OWASP SiteGenerator]] project).

==== Specific project sponsorship ====

In addition, if your (i.e. your company) has a particular requirement which a current OWASP project has the potential to fulfill, and you realize that it will be cheaper for you to sponsor that project with a couple of developers, please contact Dinis Cruz with your requirements, ideas, time-scales and budget.

==== Match Funding ====

Another alternative will be to 'match fund' OWASP project sponsorships, for example project XYZ gets a sponsorship of $30,000 USD with 15,000 from OWASP and 15,000 from an interrested party

== The Rules bit ==
* By participating and submiting your application you authorize OWASP to publicize your participation in the program and the results of the program for the purposes of executing on program logistics, including but not limited to announcements of accepted proposals, the text of the accepted proposal and the resulting code from work on the project. Additional details solicited by OWASP as part of the application process, including URLs for personal blogs, will be shared with the public with the accepted applicant's permission.
* All project's deliverables will be publicly hosted by OWASP.
* All code / materials created by the participants must be released under an Open Source Initiative approved license. The participant may mirror development on her/his personal infrastructure at her/his option.
* OWASP reserves the right, at its sole discretion, to revoke any and all privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
* Participants and OWASP is free to use the results, including code, of the OWASP Spring of Code Program in any way they choose provided it is not in conflict with the license under which the code was developed.
* Basically, if you don't deliver you will NOT be paid
* No member of the OWASP board is allowed to apply to a SpoC sponsorship (Dinis, Dave, Andrew and Jeff)

== The important bit ==

* yes there will be a t-shirt available for all participants

OWASP Spring Of Code 2007

2007-03-14T13:44:41Z

OWASP: /* SpoC 007 Budget */

== Main Links ==

* [[OWASP Spring Of Code 2007]] - main page
* [[OWASP Spring Of Code 2007 : Press Release]] - The press release
* [[OWASP Spring Of Code 2007 Project Ideas]] - If you are looking for projects to do
* [[OWASP Spring Of Code 2007 Applications]] - Where to submit Applications
* [[OWASP Spring Of Code 2007 : Selection]] - The selection criteria and links to each selected project page

== Updates ==

* 14 Mar 2007 - '''Submission period is Open!'' - you have till the 30th of March to submit your Application

== Overview ==

[[Image:290px-OWASP SpoC2007 Logo.jpg|290px|left]]

The OWASP Spring of Code 2007 (SpoC 007) aims to financially sponsor contributions to OWASP Projects. ''SpoC 007'' follows up the successful AoC 06 ([[OWASP Autumn Of Code 2006]]) in which 9 projects were sponsored and greatly improved.

The objective of ''SpoC 007'' is to allow contributors to allocate considerable resources on (existent or new) OWASP projects which are relevant and benefitial to the OWASP community.

The initial Budget for ''SpoC 007'' will be $110,000 USD, and it is funded by OWASP (using current membership fees and profits from past conferences) and newly joined members (currently SPI Dinamics and EDS). In parallel with the ''Request for Proposals'' OWASP is also doing a membership drive where all membership fees commited during that period will be allocated to ''SpoC 007'' projects (the new members have the option to chose which projects they would like to sponsor)

The ''SpoC 007'' structure and organization is very similar to the AoC 06 (see [[OWASP Autumn Of Code 2006]],
[[OWASP Autumn of Code 2006 - Applications]] and [[OWASP Autumn of Code 2006 - Selection]] for more details.) whereby the major changes are: Bigger budget (with a $20,000 USD sponsorship), the special project: "10 Donations to Open Source projects" and an Intership

The OWASP Spring Of Code 2007 was launched on the 14th of March 2007 (see [[OWASP Spring Of Code 2007 : Press Release]]) and is not connected to the Google Summer of Code.

For more details please contact Dinis Cruz (dinis.cruz at owasp dot net) directly.

== SpoC 007 Budget ==

The current budget is $110,000 USD (subject to increase pending new memberships):
* Funding sources:
** $92,000 USD - OWASP
** $9,000 USD - SPI Dynamics (to be allocated to OWASP SiteGenerator project)
** $9,000 USD - EDS
* Proposed budget allocation
** $20,000 on 1 Large project
** $50,000 on Big projects - 10 projects @ $5,000 each
** $20,000 on Medium projects - 8 projects @ $2,500 each
** $10,000 on 1 internship (at Aspect's offices)
** $10,000 on Donations to Open Source projects: 10 donations of $1,000 each

Projects will be managed by the OWASP Project leader. Oversight will be provided by Andrew van der Stock, Jeff Williams, Dinis Cruz, and/or Dave Wichers.

Payments can be made via Wire Transfer, US Check or PayPal in 2 stages: 50% halfway and 50% on completion.

Note: the proposed budget allocation is just a guideline and the final values will be adjusted based on the sucessful proposals.

== Who can Apply ==

There are no geographical, age or any other form of restrictions of who can apply for an "OWASP Spring Of Code 2007" sponsorship.

The only requirement is that the candidate shows the potential to accomplish the project's objectives and the commitment to dedicate the time required to complete it in the allocated time frame (projects must be completed by 9th July 2007).

This means that current active Owasp Project contributors (including Project leaders) can apply (for obvious reasons, the only ones that can't apply are Dinis, Dave, Jeff and Andrew)

== How To Participate ==

Select a project you want to work on and write a proposal :)

For ideas on projects that OWASP is looking to sponsor see the current list of [[:Category:OWASP_Project]]s and the [[OWASP Spring Of Code 2007 Project Ideas]] page

To submit a project, you will need to submit it (i.e. post it) on the [[OWASP Spring Of Code 2007 Applications]] page (DON'T send your propoposal direcly). Note that no sensitive personal details should be posted in that page (full name, address, credit cards, SSN, ATM pin numbers, private PKI keys, etc...).

Once you are happy with it, send an email to Dinis Cruz (dinis.cruz at owasp dot net) with the following details:

* Link to your proposal
* Contact details
* Additional information about your proposal (for example in the AoC some proposals were supported by a PDF with additional details)

Dinis (and the relevant project leader) can also be contacted to discuss issues related to ''SpoC 007'' applications (for example project ideas, review of draft proposals, etc...)

== Schedule ==
'''Main dates'''
* 14th March – 'OWASP Spring of Code' initiative is officially launched
* 30th March - Deadline for project proposals
* 9th April - Publish of selected projects and start of SpoC projects
* 9th July - Project Completion, participants to deliver final project report (and receive payment of final 50%)

'''Project milestones'''
* 1st April - Start of Vote for the Donations to Open Source Projects
* 30th April - End of Vote for the Donations to Open Source Projects
* 16th May - Update of Project status on OWASP Conference in Italy
* 17th May - Announcement of the winners of the '10 Donations to Open Source projects' on OWASP Conference in Italy
* 21st May - Participants to report on project status (and receive payment of initial 50%)

== Special Project: 10 $1,000 USD grants to Open Source projects ==

As part of the ''SpoC 007'' budget, OWASP will distribute 10 $1,000 USD grants to 10 Open Source projects selected as very usefull by the OWASP community.

These grants are a no-strings attached '''"Thanks for the hard work in creating this tool (which is widely used and appreciated in the OWASP community) and please keep working on the next version"'''.

OWASP Members (and only the members) will be asked to vote on the top 10 Open Source projects they use regularly and find useful. Each corporate member vote will be count for 10 points and each individual members vote count for 1 point.

The payments will be be made to the top 10 scored projects.

Of course that OWASP projects are excluded from the voting since they can apply to ''SpoC 007'' directly.

In the future (i.e. when enough budget is avaialble), OWASP would like to extend this Special Project to include a a $10,000 USD (per project) source code review exercise.

== Membership Drive, Specific project sponsorship and match funding ==

As part of the ''SpoC 007'' initiative OWASP would like to invite individuals and companies that benefit from OWASP projects to join OWASP as a member (see [[Membership]] for more details). In addition to the current [[Membership#Benefits_of_Membership|Membership benefits]], new members will be able to allocate their membership fees to projects that are interrested in (for example SPI Dinamics is sponsoring the [[OWASP SiteGenerator]] project).

==== Specific project sponsorship ====

In addition, if your (i.e. your company) has a particular requirement which a current OWASP project has the potential to fulfill, and you realize that it will be cheaper for you to sponsor that project with a couple of developers, please contact Dinis Cruz with your requirements, ideas, time-scales and budget.

==== Match Funding ====

Another alternative will be to 'match fund' OWASP project sponsorships, for example project XYZ gets a sponsorship of $30,000 USD with 15,000 from OWASP and 15,000 from an interrested party

== The Rules bit ==
* By participating and submiting your application you authorize OWASP to publicize your participation in the program and the results of the program for the purposes of executing on program logistics, including but not limited to announcements of accepted proposals, the text of the accepted proposal and the resulting code from work on the project. Additional details solicited by OWASP as part of the application process, including URLs for personal blogs, will be shared with the public with the accepted applicant's permission.
* All project's deliverables will be publicly hosted by OWASP.
* All code / materials created by the participants must be released under an Open Source Initiative approved license. The participant may mirror development on her/his personal infrastructure at her/his option.
* OWASP reserves the right, at its sole discretion, to revoke any and all privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
* Participants and OWASP is free to use the results, including code, of the OWASP Spring of Code Program in any way they choose provided it is not in conflict with the license under which the code was developed.
* Basically, if you don't deliver you will NOT be paid
* No member of the OWASP board is allowed to apply to a SpoC sponsorship (Dinis, Dave, Andrew and Jeff)

== The important bit ==

* yes there will be a t-shirt available for all participants

Webgoat

2007-03-13T04:08:38Z

OWASP: Redirecting to Category:OWASP WebGoat Project

#redirect [[:Category:OWASP WebGoat Project]]

Category:OWASP SWAAT Project

2007-03-12T11:22:55Z

OWASP:

== Overview ==

'''SWAAT''' is a free web application source code analysis tool. SWAAT searches through source code and analyzes against the database of potentially dangerous strings given in the .xml files. Thus it does NOT positively identify the existence of a vulnerability - this generally requires application contextual knowledge. It identifies the usage of functions / strings / SQL that could lead to a finding. All potentially dangerous code references are included in the output report.

The current version of SWAAT works only with server pages. Expect to see enhanced functionality in future versions of the application.

== Goals ==

The aim of SWAAT is to help developers, testers, security staff, and auditors locate potentially dangerous portions of source code; it is designed to assist source code review.

After reviewing millions of lines of source code, most security professionals believe that automated run-time analysis tools are useful at identifying simple, common vulnerabilities. In most cases, however, the vast majority of vulnerabilities require human intelligence and knowledge of the application. SWAAT helps to reduce the burden of source code review by identifying potentially dangerous functions and strings in code and explaining both how they may be dangerous and how to mitigate potential risks.

== Download ==

You can download the zip from http://www.securitycompass.com/swaat.html

== System Requirements ==

SWAAT was designed for the [http://msdn2.microsoft.com/en-us/netframework/aa731542.aspx. NET Framework] 1.1.4322 or greater. SWAAT has been successfully tested on both Windows and Linux using [http://www.mono-project.com/Main_Page Mono.]

== Execution ==

SWAAT is a command-line driven program for Windows and under Mono for Linux. In this first release, SWAAT must be run from within its installation directory.

The scenario below shows a simple execution of SWAAT:

c:\program files\swaat> swaat ..\myapp

Here we are running SWAAT on all files in the "c:\program files\myapp" directory.

You can optionally execute swaat on specific files:

c:\program files\swaat> swaat ..\myApp\somefile.php

Results of the analysis are listed by default in a file called SWAAT-<year month day time>.html (e.g. SWAAT-20060723164024.html). If you wish to specify a different file use the –o option:

c:\program files\swaat> swaat –o myOutput.html ..\myApp

You may optionally turn off the xsl transform and simply save the raw xml results by using the –x option:

c:\program files\swaat> swaat –x ..\myApp\*.php

By running SWAAT you agree to the license terms described in license.txt

== Additional Options ==

SWAAT allows for two other options, the “–a lang” option and the “–i” option:

* The “-a lang” allows you to force all extensions to be mapped to a particular language.

c:\program files\swaat> swaat –a PHP ..\myApp\

Note: Please ensure the language type must be in upper case (ASP, JSP, PHP).

* The –I option ignores case when reading the content of the files as well as while reading the functions provided in the signature files.

== Configuration ==

This version of SWAAT works on JSP, ASP .Net, and PHP. It also searches for generic indicators such as "SQL" and "Password", so it may provide some value on other platforms.
Singatures for ASP, JSP and PHP functions are in their respective asp.xml, jsp.xml and php.xml files. Each signature file has mandatory XML tags "vuln match" and "type" and optional tags "severity" and "alt".

* "vuln match" contains the string token to search for
* "type" masp to a type of vulnerability as described in the "msg name" tags in msg.xml (e.g. userinput, racecondition, OSScripting, etc.)
* "severity" specifies the risk level (high, medium, or low)
* "alt" is a suggestion for an alternative, lower risk function to use (e.g. SecureRandom instead of Random)

In addition, the file embedded.xml looks for expressions across all three types of files (Java, ASP, and PHP). All "vuln match" tags in embedded.xml must start and end with ".*" wild card characters.

Regular expression searches can be added to any of the above-mentioned xml files.

The "vuln match" must contain the regular expression to search for. The following characters must be escaped with with a '\' character to be interpreted literally: ^ $ | ? . ( ) \ + * (e.g. "=".*\^" would find the literal string "^foobar").

== Future Development ==

Future releases of SWAAT will include:

* a graphical user interface (GUI)
* integrated development environment (IDE) plug-ins
* more sophisticated functionality and logic (for example to work with .java source)

== Feedback and Participation ==

We hope you find the OWASP SWAAT Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. An OWASP SWAAT Project mailing list currently does not exist, but please check back here at a later date.

If you do make any additions to the configuration files or have any contributions to the findings database, please send them to owasp@owasp.org so they can be included in the next release.

== Project Sponsors ==

SWAAT was generously donated by [http://www.securitycompass.com http://www.securitycompass.com/images/logo_small.JPG]

Category:OWASP Project

2007-03-12T11:22:25Z

OWASP: /* Alpha Status Projects */

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team.

To propose a new project, please send an email to [mailto:owasp@owasp.org?subject=New_OWASP_Project_idea owasp@owasp.org]

Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.

==Release Quality Projects==

<table><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>

; [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
: an online training environment for hands-on learning about application security

; [[:Category:OWASP WebScarab Project|OWASP WebScarab Project]]
: a tool for performing all types of security testing on web applications and web services

</td><td>

; [[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]
: FAQ covering many application security topics

; [[:Category:OWASP Guide Project|OWASP Guide Project]]
: a massive document covering all aspects of web application and web service security

; [[:Category:OWASP Legal Project|OWASP Legal Project]]
: a project focused on contracting for secure software

; [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
: an awareness document that describes the top ten web application security vulnerabilities

</td></tr></table>

==Beta Status Projects==

<table valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>

; [[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]]
: a JavaScript based web application security testing suite

; [[:Category:OWASP Encoding Project|OWASP Encoding Project]]
: a project focused on the development of encoding best practices for web applications.

; [[:Category:OWASP LAPSE Project|OWASP LAPSE Project]]
: an Eclipse-based source-code static analysis tool for Java

; [[:Category:OWASP Live CD Project|OWASP Live CD Project]]
: a CD containing ready to use versions of application security analysis and testing tools

; [[:Category:OWASP .NET Project|OWASP .NET Research]]
: a project focused on helping .NET developers build secure applications

; [[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]
: a project focused on combining automated capabilities with complete manual testing to get the best results

; [[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]
: an open source black box security scanner used to assess the security of AJAX-enabled applications

; [[:Category:OWASP SQLiX Project|OWASP SQLiX Project]]
: a project focused on the development of SQLiX, a full perl-based SQL scanner

; [[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]]
: a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer

; [[ORG_%28Owasp_Report_Generator%29|OWASP Report Generator]]
: a project giving security professionals a way to report and keep track of their projects

; [[Owasp_SiteGenerator|OWASP Site Generator]]
: a project allowing users to create dynamic sites for use in training, web application scanner testing, etc...

</td><td>

; [[:Category:OWASP CLASP Project|OWASP CLASP Project]]
: a project focused on defining process elements that reinforce application security

; [[:Category:OWASP Code Review Project|OWASP Code Review Project]]
: a project to capture best practices for reviewing code

; [[:Category:OWASP Testing Project|OWASP Testing Guide]]
: a project focused on application security testing procedures and checklists

; [[:Category:OWASP Tools Project|OWASP Tools Project]]
: The OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools.

</td></tr></table>

==Alpha Status Projects==

<table valign="top"><tr><th width="50%">Tools</th><th>Documentation</th></tr><tr valign="top"><td>

; [[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]]
: a web application that includes common web application vulnerabilities

; [[:Category:OWASP Interceptor Project|OWASP Interceptor Project]]
: a testing tool for XML web service and Ajax interfaces

; [[:Category:OWASP JBroFuzz|OWASP JBroFuzz Project]]
: a fuzzer application, supporting a number of automated security checks including basic cross site scripting checks (XSS) as well as basic SQL injection testing.

; [[:Category:OWASP Orizon Project|OWASP Orizon Project]]
: a project focused on the development of a flexible code review engine

; [[:Category:OWASP Stinger Project|OWASP Stinger Project]]
: a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications

</td><td>

; [[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]]
: investigating the security of AJAX enabled applications

; [[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]
: establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment

; [[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]]
: identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security

; [[:Category:OWASP Career Development Project|OWASP Career Development Project]]
: The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field.

; [[:Category:OWASP Honeycomb Project|OWASP Honeycomb Project]]
: a comprehensive and integrated guide to the fundamental building blocks of application security

; [[:Category:OWASP Java Project|OWASP Java Project]]
: a project focused on helping Java and J2EE developers build secure applications

; [[:Category:OWASP Logging Project|OWASP Logging Guide]]
: a project to define best practices for logging and log management

; [[:Category:OWASP PHP Project|OWASP PHP Project]]
: a project focused on helping PHP developers build secure applications

; [[:Category:OWASP Validation Project|OWASP Validation Project]]
: a project that provides guidance and tools related to validation

; [[:Category:OWASP WASS Project|OWASP WASS Guide]]
: a standards project to develop more concrete criteria for secure applications

; [[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]]
: a project to define evaluation criteria for XML Security Gateways

; [[:Category:OWASP Education Project|OWASP Education Project]]
: a project to build educational tracks and modules for different audiences

</td></tr></table>

__NOTOC__