This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Podcast 26

Jump to: navigation, search

OWASP Podcast Series #26

OWASP NEWS April 2009 (part 2)
Recorded May 28th, 2009
Published June 17th, 2009

overview-icon-itunes20081106.jpg Feed-icon-32x32.png mp3


Host: Jim Manico
Copy Editor: Andre Gironda
Participants: Tom Brennan, Jeff Williams, Alex Smolen, Andre Gironda


4/16 Gary McGraw uses statistics to show that Software Security has come of age
Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing
OWASP Catalyst announced
Paco lists 5 reasons for software certifications
Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect which is the industry's first Software-as-as-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS
Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
mario heiderich posts some results of browser fuzzing on extraneous characters in tags
The Plynt blog asks the question, "How frequently shoud Applications be Tested?"
Wendel Guglielmetti Henrique from Trustwave and Sandro Gauchi of EnableSecurity spoke at TROOPERS09 in Munch about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
Ryan Barnett gives guidance on how best to make VA+WAF work together
Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance.