OWASP - User contributions [en]

OWASP Connections Committee - Application 4

2010-01-12T18:15:30Z

Stephen Evans: Stephen Craig Evans endorsement

[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]

----

{| border="0" align="center" style="width: 100%;"
|-
! align="center" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" colspan="2" | <font color="white">'''COMMITTEE APPLICATION FORM'''</font>
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Applicant's Name'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | <font color="black">Jim Manico</font>
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Current and past OWASP Roles'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | Podcast super-star
|-
| align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; width: 25%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''Committee Applying for'''
| align="left" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 85%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" colspan="1" | OWASP Connection Committee
|}

----

<br>

----

Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. An incomplete application will not be considered for vote.

----

<br>

----

{| border="0" align="center" style="width: 100%;"
|-
! align="center" style="background: rgb(64, 88, 160) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" colspan="8" | <font color="white">'''COMMITTEE RECOMMENDATIONS'''</font>
|-
! align="center" style="background: white none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black"></font>
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Who Recommends/Name'''</font>
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Role in OWASP'''</font>
! align="center" style="background: rgb(123, 138, 189) none repeat scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous; color: white;" | <font color="black">'''Recommendation Content'''</font>
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''1'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Martin Knobloch
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Dutch Chapter Leader / GEC chair
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | If anyone, then Jim is a perfect candidate for the connection committee. Not only because his work for the OWASP Podcast!
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''2'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Dan Cornell
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Global Membership Committee Member, San Antonio Chapter Lead
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Jim is an excellent candidate given his historical and ongoing contributions to projects such as the OWASP Podcast and ESAPI
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''3'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Michael Coates
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Global Membership Committee Member, AppSensor Project Lead
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Jim has done an excellent job thus far with his leadership for the OWASP podcast series and has also done a tremendous job promoting ESAPI to new developer audiences. I believe Jim would be an excellent addition to the Global Connections Committee.
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''4'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Brad Causey
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Global Projects Committee Co-Chair, Alabama Chapter Lead
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Jim's podcasts have assisted OWASP in raising visibility to the subject of AppSec and contributed greatly to the growth of the community. Further, Jim has served as the voice of OWASP for some time and perfeclty suited for a role in the Connections Committee. Godspeed Jim.
|-
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 3%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | '''5'''
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Stephen Craig Evans
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 20%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Global Membership Committee, SoC '08 Securing WebGoat using ModSecurity
| align="center" style="background: rgb(204, 204, 204) none repeat scroll 0% 0%; width: 57%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;" | Jim's OWASP podcast series will go next to Gary McGraw's Silver Bullet series in the software security history books - it is that important. He will be ideal for the Connections Committee.
|}

----

OWASP O2 Platform/Sub-Projects/OSSAD

2010-01-03T20:04:51Z

Stephen Evans: /* Project Details */

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule'''

Nov 23, 2009:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure

Jan 02, 2010:
* Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
* Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
* Write ScrGraph module
* Did more Java grammar control flow statements

Near future:
* Finish up the Java grammar control flow statements
* Start JSP implementation for The Prototype

Less near future:
* Finish JSP implementation for The Prototype
* Start security rules format and Analysis Engine

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org or stephencraig.evans@gmail.com

Thank you.

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

{{:OWASP_O2_Platform/WIKI/bottom}}

OWASP O2 Platform/Sub-Projects/OSSAD

2010-01-03T20:00:51Z

Stephen Evans: /* Project Details */

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule'''

Nov 23, 2009:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure

Jan 02, 2010:
* Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
* Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
* Write ScrGraph module
* Did more Java grammar control flow statements

Near future:
* Finish up the Java grammar control flow statements
* Start JSP implementation for The Prototype

Less near future:
* Finish JSP implementation for The Prototype
* Start security rules format and Analysis Engine

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

{{:OWASP_O2_Platform/WIKI/bottom}}

OWASP O2 Platform/Sub-Projects/OSSAD

2010-01-03T19:59:38Z

Stephen Evans: Add tasks completed for Jan 02 plus new tasks for future

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule (tasks to be completed by Monday morning)'''

Nov 23:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com
* Release a new version of the project documentation

Jan 02:
* Upload the source code to http://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/
* Make a QuickStart Guide for developing OSSAD (available here & at o2-ounceopen)
* Write ScrGraph module
* Did more Java grammar control flow statements

Near future:
* Finish up the Java grammar control flow statements
* Start JSP implementation for The Prototype

Less near future:
* Finish JSP implementation for The Prototype
* Start security rules format and Analysis Engine

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

{{:OWASP_O2_Platform/WIKI/bottom}}

OWASP O2 Platform/Sub-Projects/OSSAD

2010-01-03T19:50:43Z

Stephen Evans: /* Documentation */

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_QuickStart_02Jan2010.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule (tasks to be completed by Monday morning)'''

Nov 23:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com
* Release a new version of the project documentation

Nov.30: SCR Phase 1 (SCR Builder)

Dec.07: Complete SCR Phase 1 (SCR Builder) for Java

Dec.14: SCR Phase 2 (SCR Composer)

Dec.21: Complete SCR Phase 2 (SCR Composer) for Java

Dec.28: JSP ASTBuilder, JSP SCR Phase 1

Jan.04: Complete JSP SCR Phase 2

After Jan.04: Convert WebGoat source code to SCR & debug

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

{{:OWASP_O2_Platform/WIKI/bottom}}

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-22T20:42:30Z

Stephen Evans: update schedule

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule (tasks to be completed by Monday morning)'''

Nov 23:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com
* Release a new version of the project documentation

Nov.30: SCR Phase 1 (SCR Builder)

Dec.07: Complete SCR Phase 1 (SCR Builder) for Java

Dec.14: SCR Phase 2 (SCR Composer)

Dec.21: Complete SCR Phase 2 (SCR Composer) for Java

Dec.28: JSP ASTBuilder, JSP SCR Phase 1

Jan.04: Complete JSP SCR Phase 2

After Jan.04: Convert WebGoat source code to SCR & debug

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

{{:OWASP_O2_Platform/WIKI/bottom}}

Global Membership Committee

2009-11-22T18:32:23Z

Stephen Evans: added link to September 24 meeting notes.

'''The Global Membership Committee was created during the OWASP EU Summit in Portugal in 11/2008.'''

Committee Responsibilities:

The Membership Committee recommends policies, procedures, and strategies for enhancing the membership in OWASP both numerically and qualitatively. The committee provides a written plan and recommends policies, procedures, and initiatives to assure a growing and vital membership organization.

Membership Committee

Board Member:[mailto:tomb@owasp.org Tom Brennan]

Committee Chair: [mailto:dan@denimgroup.com Dan Cornell] (U.S.)

[mailto:michael.coates@aspectsecurity.com Michael Coates] (U.S.)

[mailto:stephencraig.evans@gmail.com Stephen Craig Evans] (U.S.)

<hr>

[https://www.owasp.org/index.php/How_to_Join_a_Committee How to join this committee]

[http://lists.owasp.org/mailman/listinfo/global_membership_committee Join our mailing list]

<hr>

'''Meeting Minutes'''

[[GlobalMembershipCommittee_Notes_20091022|October 22, 2009]]

[https://docs.google.com/a/owasp.org/Doc?docid=0AVuyd6k7FXjnZGNqMm1udjNfN2trNDlyMmZr September 24, 2009]

[[GlobalMembershipCommittee_Notes_20090820|August 20, 2009]]

[[GlobalMembershipCommittee_Notes_20090417|April 17, 2009]]

[[GlobalMembershipCommittee_Notes_20090403|April 3, 2009]]

[[GlobalMembershipCommittee_Notes_20090216|February 16, 2009]]

[http://docs.google.com/Doc?id=d28nw9r_13cjgvrqff December 8, 2008]

[http://docs.google.com/Doc?id=d28nw9r_8ghtmqgcj December 1, 2008]

[https://www.owasp.org/index.php/Global_Membership_Committee-archive Archive]

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T04:12:28Z

Stephen Evans: /* Project Details */

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

=== Project Details ===

'''What is OSSAD?'''

OSSAD is be a free, open source, security static analysis tool and is architected to support any programming language that has an EBNF grammar. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule'''

Nov 16-29:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com
* Release a new version of the project documentation

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

-----
go back to the main [[OWASP O2 Platform]] page

[[Category:OWASP_O2_Platform]]

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T03:57:13Z

Stephen Evans: /* Project Details */

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

=== Project Details ===

'''What is OSSAD?'''

OSSAD will be a free, open source, software security static analysis tool and is architected to support any programming language that has an EBNF. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to follow.

'''Schedule'''

Nov 16-29:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com
* Release a new version of the project documentation

'''Contact'''

Any comments/suggestions/questions are welcome: stephencraig.evans@owasp.org

Thank you.

-----
go back to the main [[OWASP O2 Platform]] page

[[Category:OWASP_O2_Platform]]

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T03:52:43Z

Stephen Evans:

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP.

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License."

Stephen Craig Evans - November 15, 2009

=== Project Details ===

'''What is OSSAD'''

OSSAD will be a free, open source, software security static analysis tool and is architected to support any programming language that has an EBNF. It is for developers who know little or nothing about application security.

Please read the project documentation, which details:
* Motivation
* Strategy
* Architecture
* Current progress
* What a contributor can do to help

The project is at a nascent state and the goal is to have a working Java/JSP implementation in the 1st half of 2010 with other programming languages to quickly follow.

'''Schedule'''

Nov 16-29:
* Fix up this page
* Do a first pass clean up of the source code
* Organize the source code structure
* Upload to www.o2-ounceopen.com.
* Release a new version of the project documentation

'''Contact'''

Any comments/questions are welcome: stephencraig.evans@owasp.org

Thank you.

-----
go back to the main [[OWASP O2 Platform]] page

[[Category:OWASP_O2_Platform]]

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:59:14Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:54:36Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:54:19Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:53:57Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:52:46Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:52:07Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:50:25Z

Stephen Evans:

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:49:47Z

Stephen Evans: tabs don't work - yet - so take out

OWASP O2 Platform/Sub-Projects/OSSAD

2009-11-16T01:45:25Z

Stephen Evans: add tabs

==== Home Page ====

OSSAD stands for One Security Static Analyzer per Developer

=== Documentation ===
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.odt
* https://www.o2-ounceopen.com/files-binaries-source-and-demo/ossad/OSSAD_Security-Static-Analysis-tool_v-0.15Draft.pdf

=== Copyright ===

The current version has been developed by Stephen Craig Evans who assigned the copyright to OWASP

"I assign the copyright of the OSSAD static analysis tool to OWASP and
I will release its code under Apache 2.0 (Open Source license) and the
documents under Creative Commons 3.0 License.

Stephen Craig Evans
November 15, 2009

-----
go back to the main [[OWASP O2 Platform]] page

[[Category:OWASP_O2_Platform]]

==== Project Details ====

'''What is O2'''

O2 is a

'''Schedule'''
Nov 16-22:

Nov 23-29:

'''FAQ'''

1. Why?

'''Contact'''

Global Membership Committee

2009-08-24T15:15:23Z

Stephen Evans: Changed meeting minutes list to descending order

'''The Global Membership Committee was created during the OWASP EU Summit in Portugal in 11/2008.'''

Committee Responsibilities:

The Membership Committee recommends policies, procedures, and strategies for enhancing the membership in OWASP both numerically and qualitatively. The committee provides a written plan and recommends policies, procedures, and initiatives to assure a growing and vital membership organization.

Membership Committee

[mailto:tomb@owasp.org Tom Brennan] Global Board Member

[mailto:Kate.Hartman@owasp.org Kate Hartman] Director of OWASP Foundation

[mailto:dan@denimgroup.com Dan Cornell] (U.S.)

[mailto:michael.coates@aspectsecurity.com Michael Coates] (U.S.)

[mailto:stephencraig.evans@gmail.com Stephen Craig Evans] (U.S.)

<hr>

[https://www.owasp.org/index.php/How_to_Join_a_Committee How to join this committee]

[http://lists.owasp.org/mailman/listinfo/global_membership_committee Join our mailing list]

<hr>

'''Meeting Minutes'''

[[GlobalMembershipCommittee_Notes_20090820|August 20, 2009]]

[[GlobalMembershipCommittee_Notes_20090417|April 17, 2009]]

[[GlobalMembershipCommittee_Notes_20090403|April 3, 2009]]

[[GlobalMembershipCommittee_Notes_20090216|February 16, 2009]]

[http://docs.google.com/Doc?id=d28nw9r_13cjgvrqff December 8, 2008]

[http://docs.google.com/Doc?id=d28nw9r_8ghtmqgcj December 1, 2008]

[https://www.owasp.org/index.php/Global_Membership_Committee-archive Archive]

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:48:31Z

Stephen Evans: /* Attendees: */

== Meeting #6 - Thursday, August 20, 2009 ==

=== Attendees ===

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

=== Minutes (16:00 - 16:45 EDT) ===

* General catch up

* Kate shared with the group the labor-intensive process of shipping out membership kits; including her time, the cost exceeds the available 30 USD per member.

* Current individual membership count is just over 700 and was 652 on August 06.

* Discussed having a Membership Committee presence at the AppSec DC conference November 10-13th. Kate volunteered to be there and do something after the initial rush of registration on the first day; note that she is the only person that can process credit cards on the spot.

* Discussed situations that required voting and who should qualify.
** Electing a board member - electing a 6th Board Member has been discussed - should be done by current OWASP contributors, which include: (1) Paid Members; (2) Board Members; (3) Chapter Leaders; (4) Committee Members; and (5) Project Leaders of active projects as determined by the Global Projects Committee (if somebody belongs to more than one group, they still have only one vote).
** Excluding for board membership, other elections should have a broader base of voters - perhaps including non-member chapter meeting attendees.
** Kate will present the committee's recommendations at the next Board Meeting.

* Discussed getting more organization supporters, focusing on conference sponsors.

* Agreed to have a monthly meeting on the last Thursday of every month at 10 a.m. ET (United States).

=== Next meeting: Thursday, September 24, 2009 10:00 EDT (-4 GMT)===

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:47:19Z

Stephen Evans: /* Next meeting: Thursday, September 24, 2009 - 10:00 EDT (-4 GMT) */

== Meeting #6 - Thursday, August 20, 2009 ==

=== Attendees: ===

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

=== Minutes (16:00 - 16:45 EDT) ===

* General catch up

* Kate shared with the group the labor-intensive process of shipping out membership kits; including her time, the cost exceeds the available 30 USD per member.

* Current individual membership count is just over 700 and was 652 on August 06.

* Discussed having a Membership Committee presence at the AppSec DC conference November 10-13th. Kate volunteered to be there and do something after the initial rush of registration on the first day; note that she is the only person that can process credit cards on the spot.

* Discussed situations that required voting and who should qualify.
** Electing a board member - electing a 6th Board Member has been discussed - should be done by current OWASP contributors, which include: (1) Paid Members; (2) Board Members; (3) Chapter Leaders; (4) Committee Members; and (5) Project Leaders of active projects as determined by the Global Projects Committee (if somebody belongs to more than one group, they still have only one vote).
** Excluding for board membership, other elections should have a broader base of voters - perhaps including non-member chapter meeting attendees.
** Kate will present the committee's recommendations at the next Board Meeting.

* Discussed getting more organization supporters, focusing on conference sponsors.

* Agreed to have a monthly meeting on the last Thursday of every month at 10 a.m. ET (United States).

=== Next meeting: Thursday, September 24, 2009 10:00 EDT (-4 GMT)===

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:45:44Z

Stephen Evans: /* Next meeting: Thursday, September 24, 2009 - 10 a.m. EDT (-4 GMT) */

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:44:43Z

Stephen Evans: /* Next meeting: Thursday, September 24, 2009 - 10 a.m. EST */

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:44:12Z

Stephen Evans: /* Minutes (16:00 - 16:45 EST) */

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:33:03Z

Stephen Evans: /* Minutes (16:00 - 16:45 EST) */

== Meeting #6 - Thursday, August 20, 2009 ==

=== Attendees: ===

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

=== Minutes (16:00 - 16:45 EST) ===

* General catch up

* Kate shared with the group the labor-intensive process of shipping out membership kits; including her time, the cost exceeds the available 30 USD per member.

* Current individual membership count is just over 700 and was 652 on August 06.

* Discussed having a Membership Committee presence at the AppSec DC conference November 10-13th. Kate volunteered to be there and do something after the initial rush of registration on the first day; note that she is the only person that can process credit cards on the spot.

* Discussed situations that required voting and who should qualify.
** Electing a board member - electing a 6th Board Member has been discussed - should be done by current OWASP contributors, which include: (1) Paid Members; (2) Board Members; (3) Chapter Leaders; (4) Committee Members; and (5) Project Leaders of active projects as determined by the Global Projects Committee (if somebody belongs to more than one group, they still have only one vote).
** Excluding for board membership, other elections should have a broader base of voters - perhaps including non-member chapter meeting attendees.
** Kate will present the committee's recommendations at the next Board Meeting.

* Discussed getting more organization supporters, focusing on conference sponsors.

* Agreed to have a monthly meeting on the last Thursday of every month at 10 a.m. EST (United States).

=== Next meeting: Thursday, September 24, 2009 - 10 a.m. EST ===

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:30:53Z

Stephen Evans: 2nd version

== Meeting #6 - Thursday, August 20, 2009 ==

=== Attendees: ===

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

=== Minutes (16:00 - 16:45 EST) ===

* General catch up

* Kate shared with the group the labor-intensive process of shipping out membership kits; including her time, the cost exceeds the available 30 USD per member.

* Current individual membership count is just over 700 and was 652 on August 06.

* Discussed having a Membership Committee presence at the AppSec DC conference November 10-13th. Kate volunteered to be there and do something after the initial rush of registration on the first day; note that she is the only person that can process credit cards on the spot.

* Discussed situations that required voting and who should qualify. Electing a board member - electing a 6th Board Member has been discussed - should be done by current OWASP contributors, which include: (1) Paid Members; (2) Board Members; (3) Chapter Leaders; (4) Committee Members; and (5) Project Leaders of active projects as determined by the Global Projects Committee (if somebody belongs to more than one group, they still have only one vote).

Excluding for board membership, other elections should have a broader base of voters - perhaps including non-member chapter meeting attendees.

Kate will present the committee's recommendations at the next Board Meeting.

* Discussed getting more organization supporters, focusing on conference sponsors.

* Agreed to have a monthly meeting on the last Thursday of every month at 10 a.m. EST (United States).

=== Next meeting: Thursday, September 24, 2009 - 10 a.m. EST ===

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:26:21Z

Stephen Evans:

== Meeting #6 - Thursday, August 20, 2009 ==

=== Attendees: ===

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:26:02Z

Stephen Evans:

== Meeting #6 - Thursday, August 20, 2009 ==

= Attendees: =

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

GlobalMembershipCommittee Notes 20090820

2009-08-24T13:22:57Z

Stephen Evans: first version

== Meeting #6 - Thursday, August 20, 2009 ==

Attendees:

* Michael Coates (host)
* Dan Cornell
* Kate Hartmann
* Stephen Craig Evans

File:Image023-StephenCraigEvans.jpg

2009-08-20T23:39:05Z

Stephen Evans: uploaded "File:Image023-StephenCraigEvans.jpg"

[[File:Image023-StephenCraigEvans.jpg]]

File:Image023-StephenCraigEvans.jpg

2009-08-20T23:38:23Z

Stephen Evans: Created page with 'File:Image023-StephenCraigEvans.jpg'

[[File:Image023-StephenCraigEvans.jpg]]

Global Committee Pages

2009-08-20T23:21:18Z

Stephen Evans: added my name to GMC list

__notoc__
=NEW GLOBAL COMMITTEE STRUCTURE=
OWASP recognized the extraordinary contribution of our most active leaders by engaging them to lead a set of six new committees that report to the [https://www.owasp.org/index.php/Contact OWASP Board of Directors]. Each democratically established committee will focus on a key function or geographic region, such as OWASP projects, conferences, local chapters, membership and industry outreach.

{| style="width:90%" border="0" align="center"
| colspan="7" align="center" style="background:#4058A0; color:white" | '''OWASP GLOBAL COMMITTEES'''
|-
| style="width:15%; background:#f2984c" align="center" | OWASP GLOBAL COMMITTEE
| style="width:15%; background:#f2984c" align="center" | [[Global Projects Committee|'''Projects''']]
| style="width:14%; background:#f2984c" align="center" | [[Global Membership Committee|'''Membership''']]
| style="width:14%; background:#f2984c" align="center" | [[Global Education Committee|'''Education''']]
| style="width:14%; background:#f2984c" align="center" | [[Global Conferences Committee|'''Conferences''']]
| style="width:14%; background:#f2984c" align="center" | [https://www.owasp.org/index.php/Category:Global_Industry_Committee Industry]
| style="width:14%; background:#f2984c" align="center" | [[Global Chapter Committee|'''Chapters''']]
|-
| style="width:15%; background:#cccccc" align="center" | Current volunteer committee members
| style="width:15%; background:#cccccc" align="left" |
* [[:Image:Image021-Jason Li.jpg|Jason Li]]
* [[:Image:Image019-Matt Tesauro.jpg|Matt Tesauro]]
* [[:Image:Image022-Leo Cavallari.jpg|Leo Cavallari]]
* [[:Image:Image020-Pravir Chandra.jpg|Pravir Chandra]]
* [[Global_Projects_and_Tools_Committee_-_Application_2|Brad Causey]]
| style="width:14%; background:#cccccc" align="left" |
* [[:Image:Image018-Dan Cornell.jpg|Dan Cornell]]
* [[:Image:Image017-Michael Coates.jpg|Michael Coates]]
* [[:Image:Image023-StephenCraigEvans.jpg|Stephen Craig Evans]]
| style="width:14%; background:#cccccc" align="left" |
* [[:Image:Image007-Martin Knobloch.jpg|Martin Knobloch]]
* [[:Image:Image012-Mano Paul.jpg|Mano Paul]]
* [[:Image:Image008-Eduardo Neves.jpg|Eduardo Neves]]
* [[:Image:Image010-Kuai Hinjosa.jpg|Kuai Hinjosa]]
* [[:Image:Image011-Cecil Su.jpg|Cecil Su]]
* [[:Image:Image009-Fabio Cerullo.jpg|Fabio Cerullo]]
* [[:Global Education Committee - Application 1|Andrzej Targosz]]
| style="width:14%; background:#cccccc" align="left" |
* [[:Image:Image005-Wayne Huang.jpg|Wayne Huang]]
* [[:Image:Image004-Dhruv Soi.jpg|Dhruv Soi]]
* [[:Global Conferences Committee - Application 1|Mark Bristow]]
| style="width:14%; background:#cccccc" align="left" |
* [[:Image:Image014 Rex Booth.jpg|Rex Booth]]
* [[:Image:Image016-Georg Hess.jpg|Georg Hess]]
* [[:Image:Image013-Eoin Keary.jpg|Eoin Keary]]
* [[:Image:Image015-David Campbell.jpg|David Campbell]]
* [[Global_Industry_Committee_-_Application_1|Colin Watson]]
| style="width:14%; background:#cccccc" align="left" |
* [[:User:Mchalmers|Matthew Chalmers]]
* [[User:Oshezaf|Ofer Shezaf]]
* [[:Image:Image002-Puneet Mehta.jpg|Puneet Mehta]]
|}

<center>[https://www.owasp.org/index.php/How_to_Join_a_Committee '''How to Join a Global Committee''']</center>

==Framework==
===[[Global Projects Committee|Projects]]===
* Drive quality improvement for OWASP Projects
* Manage OWASP Season of Code program
* Highlight strategic projects to meet the long-term mission (for example, [[ESAPI]])

===[[Global Membership Committee|Membership]]===
* Increase individual membership 100% in 18 months ([https://www.owasp.org/index.php/Membership#Categories_of_Membership_.2F_Sponsorship Individuals])
* Increase organizational supporters 100% in 18 months ([https://www.owasp.org/index.php/Membership#Categories_of_Membership_.2F_Sponsorship Supporters])
* Increase university supporters 100% in 18 months

===[[Global Conferences Committee|Conferences]]===
* Identify events per year to be OWASP Conferences that are the primary supporting factor for grant projects, summits and operational costs

===[[Global Education Committee|Education]]===
* Establish a adoptable program that can be incorporated into Univ., and technical education programs that leverages the efforts of many at OWASP to raise the level of awareness to secure software.
* Obtain grants to futher our work
* [http://www.csis.org/component/option,com_csis_pubs/task,view/id,5157 CSIS Report]

===[[Global Industry Committee|Industry]]===
* Start outreach to critical infrastructures worldwide such as:
** electricity generation, transmission and distribution;
** gas production, transport and distribution;
** oil and oil products production, transport and distribution;
** telecommunication;
** water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
** agriculture, food production and distribution;
** heating (e.g. natural gas, fuel oil, district heating);
** public health (hospitals, ambulances);
** transportation systems (fuel supply, railway network, airports, harbors, inland shipping);
** financial services (banking, clearing);
** security services (police, military).

''...they all use web applications...some even protect human life as well as PII and credit cards :)''

* Identify issues or "efforts" like the Browser Working Group and others, the group should invite Industry CIO/CISO's (perhaps as a "value" of corporate membership support) to want to publicly collaborate on a document of industry needs that can add value to having the support of OWASP Foundation for the greater good of secure software, a internet based global economic platform and humanitarian needs worldwide

===[[Global Chapter Committee|Chapters]]===
* Enable the support required at the local level to accomplish the overall mission and goals of the association

Global Membership Committee

2009-08-20T23:15:04Z

Stephen Evans: added my name to list plus recent meeting data

'''The Global Membership Committee was created during the OWASP EU Summit in Portugal in 11/2008.'''

Committee Responsibilities:

The Membership Committee recommends policies, procedures, and strategies for enhancing the membership in OWASP both numerically and qualitatively. The committee provides a written plan and recommends policies, procedures, and initiatives to assure a growing and vital membership organization.

Membership Committee

[mailto:tomb@owasp.org Tom Brennan] Global Board Member

[mailto:Kate.Hartman@owasp.org Kate Hartman] Director of OWASP Foundation

[mailto:dan@denimgroup.com Dan Cornell] (U.S.)

[mailto:michael.coates@aspectsecurity.com Michael Coates] (U.S.)

[mailto:stephencraig.evans@gmail.com Stephen Craig Evans] (U.S.)

<hr>

[https://www.owasp.org/index.php/How_to_Join_a_Committee How to join this committee]

[http://lists.owasp.org/mailman/listinfo/global_membership_committee Join our mailing list]

<hr>

'''Meeting Minutes'''

[http://docs.google.com/Doc?id=d28nw9r_8ghtmqgcj December 1, 2008]

[http://docs.google.com/Doc?id=d28nw9r_13cjgvrqff December 8, 2008]

[[GlobalMembershipCommittee_Notes_20090216|February 16, 2009]]

[[GlobalMembershipCommittee_Notes_20090403|April 3, 2009]]

[[GlobalMembershipCommittee_Notes_20090417|April 17, 2009]]

[[GlobalMembershipCommittee_Notes_20090820|August 20, 2009]]

[https://www.owasp.org/index.php/Global_Membership_Committee-archive Archive]

Podcast 33

2009-07-30T03:14:34Z

Stephen Evans: fixed spelling error of Paolo's name

'''[[OWASP_Podcast|OWASP Podcast Series]] #33'''

OWASP Interview with Paolo Perego<br/>
Recorded May 13, 2009<br/>
Published July 25, 2009<br/>

[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_33.mp3 mp3]

==Participants==
<ul>
<li><b>Paolo Perego</b> is the project leader and primary author of the FOSS static analysis tool, OWASP Orizon.</li>
</ul>

OWASP Podcast

2009-07-30T03:12:08Z

Stephen Evans: added to Paolo's entry

==== About ====

'''OWASP Podcast Series Hosted by Jim Manico'''

* The OWASP foundation presents the OWASP PODCAST SERIES hosted by [[User:Jmanico|Jim Manico]] from [http://www.aspectsecurity.com Aspect Security].
* Listen as Jim interviews OWASP volunteers, industry experts and leaders within the field of web application security.
* Questions? Comments? Please email [mailto:podcast@owasp.org podcast@owasp.org]
* Want to see the process and equipment behind the show? [https://www.owasp.org/index.php/Talk:OWASP_Podcast click here]

<table border="0"><tr><td>
[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg]
</td><td align="center" width="150">
Subscribe<br/>[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]
</td>
</tr>
</table>

<paypal>OWASP Podcast</paypal>

==== Latest Shows====

<table class="wikitable" border="1">

<tr>
<th>#</th>
<th>Date</th>
<th>Actions</th>
<th>Description</th>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">35</td>
<td NOWRAP VALIGN="TOP">TBD</td>
<td NOWRAP VALIGN="TOP">[[Podcast_35|Show Notes]]</td>
<td VALIGN="TOP">Interview with Anton Chauvakin</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">34</td>
<td NOWRAP VALIGN="TOP">TBD</td>
<td NOWRAP VALIGN="TOP">[[Podcast_34|Show Notes]]</td>
<td VALIGN="TOP">Interview with Amachi Shullman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">33</td>
<td NOWRAP VALIGN="TOP">July 25, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_33.mp3 Listen Now] | [[Podcast_33|Show Notes]]</td>
<td VALIGN="TOP">Interview with Paolo Perego (OWASP Orizon)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">32</td>
<td NOWRAP VALIGN="TOP">July 21, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_32.mp3 Listen Now] | [[Podcast_32|Show Notes]]</td>
<td VALIGN="TOP">May 2009 News Commentary Recorded June 11 with Arshan Dabirsiaghi, Boaz Gelbord, Jim Manico, Andrew van der Stock and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">31</td>
<td NOWRAP VALIGN="TOP">July 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_31.mp3 Listen Now] | [[Podcast_31|Show Notes]]</td>
<td VALIGN="TOP">Interview with Mark Curphey</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">30</td>
<td NOWRAP VALIGN="TOP">July 2, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_30.mp3 Listen Now] | [[Podcast_30|Show Notes]]</td>
<td VALIGN="TOP">Interview with Billy Hoffman and Matt Wood</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">29</td>
<td NOWRAP VALIGN="TOP">June 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_29.mp3 Listen Now] | [[Podcast_29|Show Notes]]</td>
<td VALIGN="TOP">Interview with Justin Clarke</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">28</td>
<td NOWRAP VALIGN="TOP">June 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_28.mp3 Listen Now] | [[Podcast_28|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ross J. Anderson</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">27</td>
<td NOWRAP VALIGN="TOP">June 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_27.mp3 Listen Now] | [[Podcast_27|Show Notes]]</td>
<td VALIGN="TOP">Interview with Rafal Los</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">26</td>
<td NOWRAP VALIGN="TOP">June 17, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_26.mp3 Listen Now] | [[Podcast_26|Show Notes]]</td>
<td VALIGN="TOP">April 2009 News Commentary Recorded May 28 with Tom Brennan, Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">25</td>
<td NOWRAP VALIGN="TOP">June 15, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_25.mp3 Listen Now] | [[Podcast_25|Show Notes]]</td>
<td VALIGN="TOP">Interview with James McGovern</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">24</td>
<td NOWRAP VALIGN="TOP">June 12, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_24.mp3 Listen Now] | [[Podcast_24|Show Notes]]</td>
<td VALIGN="TOP">April 2009 News Commentary Recorded May 14 with Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">23</td>
<td NOWRAP VALIGN="TOP">June 1, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_23.mp3 Listen Now] | [[Podcast_23|Show Notes]]</td>
<td VALIGN="TOP">Interview with Dr. Boaz Gelbord</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">22</td>
<td NOWRAP VALIGN="TOP">May 22, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_22.mp3 Listen Now] | [[Podcast_22|Show Notes]]</td>
<td VALIGN="TOP">Interview with Dan Cornell</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">21</td>
<td NOWRAP VALIGN="TOP">May 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_21.ogg Listen Now] | [[Podcast_21|Show Notes]]</td>
<td VALIGN="TOP">Interview with Richard Stallman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">20</td>
<td NOWRAP VALIGN="TOP">May 13, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_20.mp3 Listen Now] | [[Podcast_20|Show Notes]]</td>
<td VALIGN="TOP">Interview with Mike Bailey</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">19</td>
<td NOWRAP VALIGN="TOP">May 11, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_19.mp3 Listen Now] | [[Podcast_19|Show Notes]] </td>
<td VALIGN="TOP">March 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">18</td>
<td NOWRAP VALIGN="TOP">April 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_18.mp3 Listen Now] | [[Podcast_18|Show Notes]] </td>
<td VALIGN="TOP">Interview with Jeremiah Grossman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">17</td>
<td NOWRAP VALIGN="TOP">April 21, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_17.mp3 Listen Now] | [[Podcast_17|Show Notes]] </td>
<td VALIGN="TOP">Interview with Robert Hansen</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">16</td>
<td NOWRAP VALIGN="TOP">April 9, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_16.mp3 Listen Now] | [[Podcast_16|Show Notes]]</td>
<td VALIGN="TOP">Dave Aitel demonstrates cool</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">15</td>
<td NOWRAP VALIGN="TOP">April 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_15.mp3 Listen Now] | [[Podcast_15|Show Notes]]</td>
<td VALIGN="TOP">Brian Chess talks about BSIMM</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">14</td>
<td NOWRAP VALIGN="TOP">March 25, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_14.mp3 Listen Now] | [[Podcast_14|Show Notes]]</td>
<td VALIGN="TOP">Pravir Chandra talks about OWASP SAMM</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">13</td>
<td NOWRAP VALIGN="TOP">March 23, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_13.mp3 Listen Now] | [[Podcast_13|Show Notes]]</td>
<td VALIGN="TOP">March 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">12</td>
<td NOWRAP VALIGN="TOP">March 11, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 Listen Now] | [[Podcast_12|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ryan Barnett (OWASP ModSecurity Core Ruleset)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">11</td>
<td NOWRAP VALIGN="TOP">March 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_11.mp3 Listen Now] | [[Podcast_11|Show Notes]]</td>
<td VALIGN="TOP">Interview with MITRE (Steve Christey and Bob Martin)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">10</td>
<td NOWRAP VALIGN="TOP">February 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_10.mp3 Listen Now] | [[Podcast_10|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ken van Wyk</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">9</td>
<td NOWRAP VALIGN="TOP">February 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_9.mp3 Listen Now] | [[Podcast_9|Show Notes]]</td>
<td VALIGN="TOP">February 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">8</td>
<td NOWRAP VALIGN="TOP">February 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3 Listen Now] | [[Podcast_8|Show Notes]]</td>
<td VALIGN="TOP">February 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">7</td>
<td NOWRAP VALIGN="TOP">January 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 Listen Now] | [[Podcast_7|Show Notes]]</td>
<td VALIGN="TOP">Interview with Jeff Williams</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">6</td>
<td NOWRAP VALIGN="TOP">January 24, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_6.mp3 Listen Now] | [[Podcast_6|Show Notes]]</td>
<td VALIGN="TOP">Roundtable with Andre Gironda, Brian Holyfield, Jim Manico, Marcin Wielgoszewski</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">5</td>
<td NOWRAP VALIGN="TOP">January 15, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_5.mp3 Listen Now] | [[Podcast_5|Show Notes]]</td>
<td VALIGN="TOP">Interview with Gary McGraw</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">4</td>
<td NOWRAP VALIGN="TOP">January 13, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_4.mp3 Listen Now] | [[Podcast_4|Show Notes]]</td>
<td VALIGN="TOP">Interview with Andrew van der Stock (OWASP Developers Guide)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">3</td>
<td NOWRAP VALIGN="TOP">December 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_3.mp3 Listen Now] | [[Podcast_3|Show Notes]]</td>
<td VALIGN="TOP">Interview with Matt Tesauro (OWASP Live CD)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">2</td>
<td NOWRAP VALIGN="TOP">December 20, 2008</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_2.mp3 Listen Now] | [[Podcast_2|Show Notes]]</td>
<td VALIGN="TOP">Interview with Stephen Craig Evans (OWASP WebGoat/ModSecurity Project)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">1</td>
<td NOWRAP VALIGN="TOP">November 21, 2008</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_1.mp3 Listen Now] | [[Podcast_1|Show Notes]]</td>
<td VALIGN="TOP">News Commentary by Arshan Dabirsiaghi, Jeremiah Grossman, Jim Manico and Jeff Williams</td>
</tr>

</table>

==== Contributors and Sponsors ====

'''Host and Executive Producer'''
* [[User:Jmanico|Jim Manico]]

'''Host and Producer'''
* Matt Tesauro

'''Mastering, Effects, Audio Tech, Producer'''
* Kevin Coons from ManaTribe

'''News Commentary Copy Editors'''
* [[User:dre|Andre Gironda]]
* Mike Boberski

'''Audio Editors'''
* [[User:Jmanico|Jim Manico]]
* [[User:Marcin|Marcin Wielgoszewski]]
* Kevin Coons from ManaTribe

'''News Commentary Team'''
* Mike Boberski
* [[User:brennan|Tom Brennan]]
* Arshan Dabirsiaghi
* Andre Gironda
* [[User:Jmanico|Jim Manico]]
* Alex Smolen
* Andrew van der Stock
* Jeff Williams

'''Artwork'''
* Larry Casey
* Gareth Heyes

'''Sponsors'''
* The OWASP Foundation
* Music by [http://www.twistedmusic.com/artists/shpongle/ Shpongle] courtesy of [http://www.twistedmusic.com/ Twisted Records]

'''Illuminati-like influence over the Podcast'''
* Tom Brennan
* Jeff Williams
* Dinis Druz
* Kate Hartmann
* [[User:Marcin|Marcin Wielgoszewski]]
* Tracey Schavone
* The OWASP Leadership eList

==== Twitter ====

[http://twitter.com/owasp_podcast http://twitter.com/owasp_podcast]

<twitter>20208646</twitter>

==== Artwork ====

<table border="0">
<tr>
<td>
[http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg]
</td>
<td>
Larry Casey
</td>
</tr>
<tr>
<td>
[http://www.owasp.org/download/jmanico/OWASP_Podcast2_200x200.jpg http://www.owasp.org/download/jmanico/OWASP_Podcast2_200x200.jpg]
</td>
<td>
Gareth Heyes
</td>
</tr>
</table>

__NOTOC__
<headertabs/>

OWASP Podcast

2009-07-30T03:10:02Z

Stephen Evans: Changed the spelling of Paolo's name

==== About ====

'''OWASP Podcast Series Hosted by Jim Manico'''

* The OWASP foundation presents the OWASP PODCAST SERIES hosted by [[User:Jmanico|Jim Manico]] from [http://www.aspectsecurity.com Aspect Security].
* Listen as Jim interviews OWASP volunteers, industry experts and leaders within the field of web application security.
* Questions? Comments? Please email [mailto:podcast@owasp.org podcast@owasp.org]
* Want to see the process and equipment behind the show? [https://www.owasp.org/index.php/Talk:OWASP_Podcast click here]

<table border="0"><tr><td>
[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg]
</td><td align="center" width="150">
Subscribe<br/>[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]
</td>
</tr>
</table>

<paypal>OWASP Podcast</paypal>

==== Latest Shows====

<table class="wikitable" border="1">

<tr>
<th>#</th>
<th>Date</th>
<th>Actions</th>
<th>Description</th>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">35</td>
<td NOWRAP VALIGN="TOP">TBD</td>
<td NOWRAP VALIGN="TOP">[[Podcast_35|Show Notes]]</td>
<td VALIGN="TOP">Interview with Anton Chauvakin</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">34</td>
<td NOWRAP VALIGN="TOP">TBD</td>
<td NOWRAP VALIGN="TOP">[[Podcast_34|Show Notes]]</td>
<td VALIGN="TOP">Interview with Amachi Shullman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">33</td>
<td NOWRAP VALIGN="TOP">July 25, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_33.mp3 Listen Now] | [[Podcast_33|Show Notes]]</td>
<td VALIGN="TOP">Interview with Paolo Perego</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">32</td>
<td NOWRAP VALIGN="TOP">July 21, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_32.mp3 Listen Now] | [[Podcast_32|Show Notes]]</td>
<td VALIGN="TOP">May 2009 News Commentary Recorded June 11 with Arshan Dabirsiaghi, Boaz Gelbord, Jim Manico, Andrew van der Stock and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">31</td>
<td NOWRAP VALIGN="TOP">July 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_31.mp3 Listen Now] | [[Podcast_31|Show Notes]]</td>
<td VALIGN="TOP">Interview with Mark Curphey</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">30</td>
<td NOWRAP VALIGN="TOP">July 2, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_30.mp3 Listen Now] | [[Podcast_30|Show Notes]]</td>
<td VALIGN="TOP">Interview with Billy Hoffman and Matt Wood</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">29</td>
<td NOWRAP VALIGN="TOP">June 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_29.mp3 Listen Now] | [[Podcast_29|Show Notes]]</td>
<td VALIGN="TOP">Interview with Justin Clarke</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">28</td>
<td NOWRAP VALIGN="TOP">June 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_28.mp3 Listen Now] | [[Podcast_28|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ross J. Anderson</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">27</td>
<td NOWRAP VALIGN="TOP">June 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_27.mp3 Listen Now] | [[Podcast_27|Show Notes]]</td>
<td VALIGN="TOP">Interview with Rafal Los</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">26</td>
<td NOWRAP VALIGN="TOP">June 17, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_26.mp3 Listen Now] | [[Podcast_26|Show Notes]]</td>
<td VALIGN="TOP">April 2009 News Commentary Recorded May 28 with Tom Brennan, Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">25</td>
<td NOWRAP VALIGN="TOP">June 15, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_25.mp3 Listen Now] | [[Podcast_25|Show Notes]]</td>
<td VALIGN="TOP">Interview with James McGovern</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">24</td>
<td NOWRAP VALIGN="TOP">June 12, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_24.mp3 Listen Now] | [[Podcast_24|Show Notes]]</td>
<td VALIGN="TOP">April 2009 News Commentary Recorded May 14 with Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">23</td>
<td NOWRAP VALIGN="TOP">June 1, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_23.mp3 Listen Now] | [[Podcast_23|Show Notes]]</td>
<td VALIGN="TOP">Interview with Dr. Boaz Gelbord</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">22</td>
<td NOWRAP VALIGN="TOP">May 22, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_22.mp3 Listen Now] | [[Podcast_22|Show Notes]]</td>
<td VALIGN="TOP">Interview with Dan Cornell</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">21</td>
<td NOWRAP VALIGN="TOP">May 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_21.ogg Listen Now] | [[Podcast_21|Show Notes]]</td>
<td VALIGN="TOP">Interview with Richard Stallman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">20</td>
<td NOWRAP VALIGN="TOP">May 13, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_20.mp3 Listen Now] | [[Podcast_20|Show Notes]]</td>
<td VALIGN="TOP">Interview with Mike Bailey</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">19</td>
<td NOWRAP VALIGN="TOP">May 11, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_19.mp3 Listen Now] | [[Podcast_19|Show Notes]] </td>
<td VALIGN="TOP">March 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">18</td>
<td NOWRAP VALIGN="TOP">April 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_18.mp3 Listen Now] | [[Podcast_18|Show Notes]] </td>
<td VALIGN="TOP">Interview with Jeremiah Grossman</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">17</td>
<td NOWRAP VALIGN="TOP">April 21, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_17.mp3 Listen Now] | [[Podcast_17|Show Notes]] </td>
<td VALIGN="TOP">Interview with Robert Hansen</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">16</td>
<td NOWRAP VALIGN="TOP">April 9, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_16.mp3 Listen Now] | [[Podcast_16|Show Notes]]</td>
<td VALIGN="TOP">Dave Aitel demonstrates cool</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">15</td>
<td NOWRAP VALIGN="TOP">April 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_15.mp3 Listen Now] | [[Podcast_15|Show Notes]]</td>
<td VALIGN="TOP">Brian Chess talks about BSIMM</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">14</td>
<td NOWRAP VALIGN="TOP">March 25, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_14.mp3 Listen Now] | [[Podcast_14|Show Notes]]</td>
<td VALIGN="TOP">Pravir Chandra talks about OWASP SAMM</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">13</td>
<td NOWRAP VALIGN="TOP">March 23, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_13.mp3 Listen Now] | [[Podcast_13|Show Notes]]</td>
<td VALIGN="TOP">March 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">12</td>
<td NOWRAP VALIGN="TOP">March 11, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 Listen Now] | [[Podcast_12|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ryan Barnett (OWASP ModSecurity Core Ruleset)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">11</td>
<td NOWRAP VALIGN="TOP">March 4, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_11.mp3 Listen Now] | [[Podcast_11|Show Notes]]</td>
<td VALIGN="TOP">Interview with MITRE (Steve Christey and Bob Martin)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">10</td>
<td NOWRAP VALIGN="TOP">February 26, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_10.mp3 Listen Now] | [[Podcast_10|Show Notes]]</td>
<td VALIGN="TOP">Interview with Ken van Wyk</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">9</td>
<td NOWRAP VALIGN="TOP">February 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_9.mp3 Listen Now] | [[Podcast_9|Show Notes]]</td>
<td VALIGN="TOP">February 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 2)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">8</td>
<td NOWRAP VALIGN="TOP">February 20, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3 Listen Now] | [[Podcast_8|Show Notes]]</td>
<td VALIGN="TOP">February 2009 News Commentary by Arshan Dabirsiaghi, Andre Gironda, Jim Manico and Jeff Williams (part 1)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">7</td>
<td NOWRAP VALIGN="TOP">January 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 Listen Now] | [[Podcast_7|Show Notes]]</td>
<td VALIGN="TOP">Interview with Jeff Williams</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">6</td>
<td NOWRAP VALIGN="TOP">January 24, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_6.mp3 Listen Now] | [[Podcast_6|Show Notes]]</td>
<td VALIGN="TOP">Roundtable with Andre Gironda, Brian Holyfield, Jim Manico, Marcin Wielgoszewski</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">5</td>
<td NOWRAP VALIGN="TOP">January 15, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_5.mp3 Listen Now] | [[Podcast_5|Show Notes]]</td>
<td VALIGN="TOP">Interview with Gary McGraw</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">4</td>
<td NOWRAP VALIGN="TOP">January 13, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_4.mp3 Listen Now] | [[Podcast_4|Show Notes]]</td>
<td VALIGN="TOP">Interview with Andrew van der Stock (OWASP Developers Guide)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">3</td>
<td NOWRAP VALIGN="TOP">December 30, 2009</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_3.mp3 Listen Now] | [[Podcast_3|Show Notes]]</td>
<td VALIGN="TOP">Interview with Matt Tesauro (OWASP Live CD)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">2</td>
<td NOWRAP VALIGN="TOP">December 20, 2008</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_2.mp3 Listen Now] | [[Podcast_2|Show Notes]]</td>
<td VALIGN="TOP">Interview with Stephen Craig Evans (OWASP WebGoat/ModSecurity Project)</td>
</tr>

<tr>
<td NOWRAP VALIGN="TOP">1</td>
<td NOWRAP VALIGN="TOP">November 21, 2008</td>
<td NOWRAP VALIGN="TOP">[http://www.owasp.org/download/jmanico/owasp_podcast_1.mp3 Listen Now] | [[Podcast_1|Show Notes]]</td>
<td VALIGN="TOP">News Commentary by Arshan Dabirsiaghi, Jeremiah Grossman, Jim Manico and Jeff Williams</td>
</tr>

</table>

==== Contributors and Sponsors ====

'''Host and Executive Producer'''
* [[User:Jmanico|Jim Manico]]

'''Host and Producer'''
* Matt Tesauro

'''Mastering, Effects, Audio Tech, Producer'''
* Kevin Coons from ManaTribe

'''News Commentary Copy Editors'''
* [[User:dre|Andre Gironda]]
* Mike Boberski

'''Audio Editors'''
* [[User:Jmanico|Jim Manico]]
* [[User:Marcin|Marcin Wielgoszewski]]
* Kevin Coons from ManaTribe

'''News Commentary Team'''
* Mike Boberski
* [[User:brennan|Tom Brennan]]
* Arshan Dabirsiaghi
* Andre Gironda
* [[User:Jmanico|Jim Manico]]
* Alex Smolen
* Andrew van der Stock
* Jeff Williams

'''Artwork'''
* Larry Casey
* Gareth Heyes

'''Sponsors'''
* The OWASP Foundation
* Music by [http://www.twistedmusic.com/artists/shpongle/ Shpongle] courtesy of [http://www.twistedmusic.com/ Twisted Records]

'''Illuminati-like influence over the Podcast'''
* Tom Brennan
* Jeff Williams
* Dinis Druz
* Kate Hartmann
* [[User:Marcin|Marcin Wielgoszewski]]
* Tracey Schavone
* The OWASP Leadership eList

==== Twitter ====

[http://twitter.com/owasp_podcast http://twitter.com/owasp_podcast]

<twitter>20208646</twitter>

==== Artwork ====

<table border="0">
<tr>
<td>
[http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg http://www.owasp.org/download/jmanico/OWASP_Podcast_200x200.jpg]
</td>
<td>
Larry Casey
</td>
</tr>
<tr>
<td>
[http://www.owasp.org/download/jmanico/OWASP_Podcast2_200x200.jpg http://www.owasp.org/download/jmanico/OWASP_Podcast2_200x200.jpg]
</td>
<td>
Gareth Heyes
</td>
</tr>
</table>

__NOTOC__
<headertabs/>

Category:OWASP Securing WebGoat using ModSecurity Project

2009-06-30T01:45:21Z

Stephen Evans: /* Project News */

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 22 Jun 2009:
** This project was discussed at the end of [https://www.owasp.org/index.php/Podcast_26 OWASP Podcast #26]: April 2009 News Commentary Recorded May 28 with Tom Brennan, Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 2).
*** The WAF discussion starts at 43m49s to the end at 56m15s
*** This project is mentioned from 53m08s until 54m57s (thanks for the great plug, Jeff :-)

* 03 May 2009:
** This project is the subject of the 2nd day of a 2 day training course on writing ModSecurity rules to be given by Ryan Barnett at BlackHat USA at the end of July. The announcement is [http://sourceforge.net/mailarchive/forum.php?thread_name=8A1B4B015C52A54886DF15E9A97C7FB9F5A4A375%40MONET.utopiasystems.net&forum_name=mod-security-users here]; an excerpt of the course description is: "The 2nd day of the class will mainly be spent as a hands-on lab where we will go through the OWASP Securing WebGoat with ModSecurity project which will allow you to test out the latest, cutting-edge rules concepts such as content injection and Lua."

* 28 Apr 2009:
** The direct link to purchase/download the book is [http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126 here].

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-06-30T01:42:34Z

Stephen Evans: /* Project News */ add 22 Jun news

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 22 Jun 2009:
** This project was discussed at the end of [https://www.owasp.org/download/jmanico/owasp_podcast_26.mp3 OWASP Podcast #26]: April 2009 News Commentary Recorded May 28 with Tom Brennan, Andre Gironda, Jim Manico, Alex Smolen and Jeff Williams (part 2).
*** The WAF discussion starts at 43m49s to the end at 56m15s
*** This project is mentioned from 53m08s until 54m57s (thanks for the great plug, Jeff :-)

* 03 May 2009:
** This project is the subject of the 2nd day of a 2 day training course on writing ModSecurity rules to be given by Ryan Barnett at BlackHat USA at the end of July. The announcement is [http://sourceforge.net/mailarchive/forum.php?thread_name=8A1B4B015C52A54886DF15E9A97C7FB9F5A4A375%40MONET.utopiasystems.net&forum_name=mod-security-users here]; an excerpt of the course description is: "The 2nd day of the class will mainly be spent as a hands-on lab where we will go through the OWASP Securing WebGoat with ModSecurity project which will allow you to test out the latest, cutting-edge rules concepts such as content injection and Lua."

* 28 Apr 2009:
** The direct link to purchase/download the book is [http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126 here].

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-05-03T14:54:01Z

Stephen Evans: /* Project News */ Added May 03

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 03 May 2009:
** This project is the subject of the 2nd day of a 2 day training course on writing ModSecurity rules to be given by Ryan Barnett at BlackHat USA at the end of July. The announcement is [http://sourceforge.net/mailarchive/forum.php?thread_name=8A1B4B015C52A54886DF15E9A97C7FB9F5A4A375%40MONET.utopiasystems.net&forum_name=mod-security-users here]; an excerpt of the course description is: "The 2nd day of the class will mainly be spent as a hands-on lab where we will go through the OWASP Securing WebGoat with ModSecurity project which will allow you to test out the latest, cutting-edge rules concepts such as content injection and Lua."

* 28 Apr 2009:
** The direct link to purchase/download the book is [http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126 here].

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-05-01T07:41:56Z

Stephen Evans: /* Project News */

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 28 Apr 2009:
** The direct link to purchase/download the book is [http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126 here].

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-05-01T07:39:56Z

Stephen Evans: /* Project News */ Added direct book download link

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 28 Apr 2009:
** The direct link to purchase/download the book is [http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126 here.

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-03-14T20:15:56Z

Stephen Evans: /* Project News */ Added March 12 entry

{{OWASP Book|5082126}}
{{:Project Information:template Securing WebGoat using ModSecurity}}
[[Category:OWASP Project]]
[[Category:OWASP Document]]
[[Category:OWASP Download]]
[[Category:OWASP Beta Quality Document]]

== Welcome to the OWASP Securing WebGoat using ModSecurity Project ==

The purpose of the OWASP Securing WebGoat using ModSecurity Project is to use ModSecurity 2.5 to protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%).

[http://www.owasp.org/index.php/OWASP_Securing_WebGoat_using_ModSecurity_Project Securing WebGoat using ModSecurity Project wiki v1.0]

== Mailing List ==

https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity

owasp-webgoat-using-modsecurity@lists.owasp.org

== Project News ==

* 12 Mar 2009:
** This project was discussed in the context of virtual patching by Ryan C. Barnett in [https://www.owasp.org/index.php/Podcast_12 OWASP Podcast #12] starting at the 20 minute 22 second mark until the 26 minute 10 second mark and beyond.

* 01 Mar 2009:
** This project was discussed (glowingly) by Ken van Wyk in [https://www.owasp.org/index.php/Podcast_10 OWASP Podcast #10] starting at the 16 minute 30 second mark.

* 19 Feb 2009:
** Ryan Barnett of Breach Security gave a presentation based on this project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity" at Black Hat DC 2009: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
*** Whitepaper mentioning project, "WAF Virtual Patching Challenge: Securing WebGoat with ModSecurity":
https://www.blackhat.com/presentations/bh-dc-09/Barnett/BlackHat-DC-09-Barnett-WAF-Patching-Challenge-slides.pdf

* 10 Feb 2009:
** This project in book form can be bought or downloaded (for free) at the OWASP bookstore at http://stores.lulu.com/owasp (thanks a lot to Paulo Coimbra for getting this done).

* 31 Dec 2008:
** This project was discussed by Arshan Dabirsiaghi, Jeff Williams, Jeremiah Grossman, and Jim Manico in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark.
** Project member Stephen Craig Evans talks about the project as the guest of Jim Manico in [https://www.owasp.org/index.php/Podcast_2 OWASP Podcast #2].

* 29 Nov 2008:
** Added Appendix D to wiki, "Additional important stuff", which includes the wiki in a Word document ([https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff here]) and some slide decks
** Tested out the mailing list
** Sent an email to OWASP Leaders and to Kenneth van Wyck's Secure Coding list to inform them of the project and its current state

* 16 Nov 2008 - Added 'Section 4.4: Unfinished Business' which includes discussions about concurrent file access and Lua security.

* 06 Nov 2008 - Gave 2 project presentations at the OWASP EU Summit in Portugal.

* 05 Nov 2008 - Finished incorporating all reviewer comments.

* 22 Oct 2008 - Wiki updates; project near 100% completion.

* 14 Jul 2008 - Project wiki created and under construction.

== Mentions in the Media ==

ModSecurity Blog

http://blog.modsecurity.org/2008/10/securing-webgoat-using-modsecurity.html

OWASP EU Summit in Portugal: Thursday

http://denimgroup.typepad.com/denim_group/2008/11/owasp-eu-summit-in-portugal-thursday.html

OWASP Podcast #2 Securing Webgoat with ModSecurity

http://manicode.blogspot.com/2008/12/owasp-podcast-2-securing-webgoat-with.html

Waffing: ModSecurity applied

http://swende.se/index.php?/archives/26-Waffing-ModSecurity-applied.html

WebGoat, Lua, and ModSecurity verses Password Guessing

http://blog.securitymonks.com/2009/01/10/webgoat-lua-and-modsecurity-verses-password-guessing/

== Contacts ==

stephencraig_dot_evans_at_gmail_dot_com

Category:OWASP Securing WebGoat using ModSecurity Project

2009-03-09T07:40:33Z

Stephen Evans: /* Project News */

Category:OWASP Securing WebGoat using ModSecurity Project

2009-03-09T07:39:21Z

Stephen Evans: /* Project News */ 01 Mar entry & Feb addition

Category:OWASP Securing WebGoat using ModSecurity Project

2009-02-19T20:26:59Z

Stephen Evans: /* Project News */

Category:OWASP Securing WebGoat using ModSecurity Project

2009-02-19T20:26:12Z

Stephen Evans: /* Project News */ add events

Project Information:template Securing WebGoat using ModSecurity

2009-02-03T10:24:47Z

Stephen Evans:

{| style="width:100%" border="0" align="center"
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
| colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Securing WebGoat using ModSecurity Project'''
|-
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
| colspan="7" style="width:85%; background:#cccccc" align="left"|The purpose of this project is to create custom Modsecurity rulesets that, in addition to the Core Set, will protect WebGoat 5.1 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. To ensure that it will be a complete 'no touch' on WebGoat and its environment, ModSecurity will be configured on Apache server as a remote proxy server. For those vulnerabilities that cannot be prevented (partially or not at all), I will document my efforts in attempting to protect them. Business logic vulnerabilities will be particularly challenging to solve.
|-
| style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[[User:Stephen Evans|'''Stephen Craig Evans''']]
| style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
| style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity '''Subscribe here''']<br>[mailto:Owasp-WebGoat-using-ModSecurity(at)lists.owasp.org '''Use here''']
| style="width:17%; background:#cccccc" align="center"|License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
| style="width:14%; background:#cccccc" align="center"|Project Type<br>[[:Category:OWASP_Project#Beta Status Projects|'''Documentation''']]
| style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]
|}

{| style="width:100%" border="0" align="center"
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status'''
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''
! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''
|-
| style="width:29%; background:#cccccc" align="center"|
'''[[:Category:OWASP_Project_Assessment#Beta_Quality_Documentation_Criteria|Beta Quality]]'''<br>[[:OWASP Securing WebGoat using ModSecurity Project - Assessment Frame|Please see here for complete information.]]
| style="width:42%; background:#cccccc" align="center"|
* [[:OWASP Securing WebGoat using ModSecurity Project|Main project page]]
* [[:OWASP ModSecurity Securing WebGoat Section4 Sublesson 04.2|Section 4, Mitigating the WebGoat lessons]]
* [https://www.owasp.org/index.php/Appendix_D:_Additional_important_stuff Project wiki available as Word doc]
*(If appropriate, links to be added)
| style="width:29%; background:#cccccc" align="center"|
[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
|}

Category:OWASP Securing WebGoat using ModSecurity Project

2009-02-03T10:20:50Z

Stephen Evans:

Category:OWASP Securing WebGoat using ModSecurity Project

2009-02-03T10:18:57Z

Stephen Evans: adding some blog references to the project