OWASP Newsletter 1 - Revision history

KirstenS at 13:06, 7 December 2008

2008-12-07T13:06:46Z

Dinis.cruz: Protected "OWASP Newsletter 1": Newsletter sent - static content now [edit=sysop:move=sysop]

2007-01-15T05:55:30Z

Protected "OWASP Newsletter 1": Newsletter sent - static content now [edit=sysop:move=sysop]

Dinis.cruz at 05:50, 15 January 2007

2007-01-15T05:50:33Z

Sdeleersnyder at 07:43, 9 January 2007

2007-01-09T07:43:39Z

Dinis.cruz: /* Featured Projects: ORG and OSG */

2007-01-08T07:40:37Z

‎Featured Projects: ORG and OSG

Dinis.cruz: /* OWASP News Headlines (from here on owasp.org) */

2007-01-08T07:23:45Z

‎OWASP News Headlines (from here on owasp.org)

Dinis.cruz: /* Latest additions to the WIKI */

2007-01-08T07:22:54Z

‎Latest additions to the WIKI

Dinis.cruz: /* Latest additions to the WIKI */

2007-01-08T07:21:58Z

‎Latest additions to the WIKI

Dinis.cruz: /* Featured Projects: ORG and OSG */

2007-01-08T07:21:35Z

‎Featured Projects: ORG and OSG

Dinis.cruz: /* OWASP Autumn of Code (AoC) update */

2007-01-08T07:10:10Z

‎OWASP Autumn of Code (AoC) update

@@ Line 56: / Line 56: @@
 ** [[Testing: Spidering and googling]]
 ** [[Testing for Application Discovery]]
-** [[Testing for Bypassing Authentication Schema]]
+** [[Testing for Bypassing Authentication Schema  (OWASP-AT-005)|Testing for Bypassing Authentication Schema]]
 ** [[Testing for Error Code]]
 ** [[Buffer Overruns and Overflows]]

← Older revision		Revision as of 05:50, 15 January 2007
Line 105:		Line 105:

	* '''Dec 2 - [http://blogs.oracle.com/security/2006/11/27#a39 Oracle blames security researchers]''' - "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the Oracle Software Security Assurance program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes?		* '''Dec 2 - [http://blogs.oracle.com/security/2006/11/27#a39 Oracle blames security researchers]''' - "We do not credit security researchers who disclose the existence of vulnerabilities before a fix is available. We consider such practices, including disclosing 'zero day' exploits, to be irresponsible." So the question on everybody's mind - is the Oracle Software Security Assurance program real? Or are David Litchfield and Cesar Cerrudo right that Emperor has no clothes?
		+
		+
		+	__NOEDITSECTION__

@@ Line 62: / Line 62: @@
 ==== OWASP Community (from [[OWASP Community | here]] on owasp.org) ====
 OWASP related events, such as chapter meetings, OWASP conferences, get-togethers, and OWASP sponsored events.
 * '''Jan 17 (18:30h) - [[Denver|Denver chapter meeting]]'''

@@ Line 24: / Line 24: @@
 [[OWASP Report Generator]] (ORG) and [[OWASP Site Generator]](OSG) are projects that have recently been updated through the Autumn of Code.
-[[OWASP Report Generator]] (ORG) is designed for security consultants and aims to aid the creation, management and reporting of security audits (i.e. penetration testing, security assessments, etc). With ORG you can centraly manage and track security assessments projects, while reducing considerably the time spent on non-testing activities. ORG allows for the easy (using Altova's Authentic XML WYSIWYG editor) and quick: a) record/document findings, b) create reports in multiple formats and c) track the findings till they are fixed (additional features: Image copy and paste, Nmap import, plug-in extension,automatic xsd schema verification, archiving and data exports). All data is stored in XML files and all reports (in HTML, PDF, Powerpoint or Excel) are created using XSL transformations.
+[[OWASP Report Generator]] (ORG) is designed for security consultants and aims to aid the creation, management and reporting of security audits (i.e. penetration testing, security assessments, etc). With ORG you can centrally manage and track security assessments projects, while reducing considerably the time spent on non-testing activities. ORG allows for the easy (using Altova's Authentic XML WYSIWYG editor) and quick: a) record/document findings, b) create reports in multiple formats and c) track the findings till they are fixed (additional features: Image copy and paste, Nmap import, plug-in extension,automatic xsd schema verification, archiving and data exports). All data is stored in XML files and all reports (in HTML, PDF, Powerpoint or Excel) are created using XSL transformations.
-[[OWASP Site Generator]](OSG) is a teaching tool that can be used to create dinamic sites build from a predefined list of vulnerabilities (data stored in XML files and new dinamic websites loaded in seconds).  This allows for security trainners to show specific examples of problems and for developers to look at real vulnerable code. It also will allow the assessement of the effectiveness of Web Application Security Scanners and Web Application Firewalls.
+[[OWASP Site Generator]](OSG) is a teaching tool that can be used to create dynamic sites build from a predefined list of vulnerabilities (data stored in XML files and new dinamic websites loaded in seconds).  This allows for security trainers to show specific examples of problems and for developers to look at real vulnerable code. It also will allow the assessment of the effectiveness of Web Application Security Scanners and Web Application Firewalls.
 ==== Latest additions to the WIKI ====

@@ Line 79: / Line 79: @@
 * '''Nov 28 - [http://www.owasp.org/index.php/OWASP_JBroFuzz JBroFuzz 0.3 Released]''' - This version adds a more stable core, length updating for fuzzed POST requests and allows you to specify your own fuzz vectors in a separate file.
-* '''Nov 26 - [http://www.owasp.org/index.php/OWASP_Report_Generator OWASP Report Generator 0.88 Released]''' - A tool for security consultants that supports the documentation and reporting of security vulnerabilities discovered during security.
+* '''Nov 26 - [http://www.owasp.org/index.php/OWASP_Report_Generator OWASP Report Generator 0.88 Released]''' - A tool for security consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.
 * '''Nov 26 - [http://www.owasp.org/index.php/OWASP_Site_Generator OWASP Site Generator v.70 Released]''' - A tool that allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) for testing application security tools.

← Older revision	Revision as of 05:55, 15 January 2007
(No difference)

@@ Line 30: / Line 30: @@
 ==== Latest additions to the WIKI ====
-* '''New pages (or major updates)'''
+* '''New WIKI pages'''
 ** [[PDF Attack Filter for Java EE]] - This is a filter to block XSS attacks on PDF files served by Java EE applications.
 ** [[CSRF Guard]]
 ** [[Books that reference OWASP]]
-* '''Page edits'''
+* '''Relevant WIKI Page edits'''
 ** [[:Category:OWASP Stinger Project|OWASP Stinger Project]] and [[OWASP Validation Project]]
 ** [[Cross-Site Request Forgery]]

@@ Line 34: / Line 34: @@
 ** [[CSRF Guard]]
 ** [[Books that reference OWASP]]
 * '''Page edits'''
@@ Line 52: / Line 45: @@
 ** [[How to test session identifier strength with WebScarab]]
 ** [[Source Code Analysis Tools]]
 * '''OWASP Testing Project''': Here are just a couple links from the 2nd version of the [[OWASP Testing Project]] whose ToC is  here: [[OWASP Testing Guide v2 Table of Contents]]

@@ Line 16: / Line 16: @@
 ==== OWASP Autumn of Code (AoC) update ====
-The end of 2006 marks an important time for OWASP with the successful completion of the Autumn of Code 2006. Four of the nine original projects have been completed and are now officially closed. The completed projects include [[:Category:OWASP CAL9000 Project|CAL9000]], [[OWASP SiteGenerator]], [[OWASP Report Generator]], the [[Testing_Guide]], and the [[OWASP Autumn of Code 2006 - Projects: Website and Branding | Owasp.org Website and Branding website]]. Additionally, three other projects are up for completion and will be finalized in the very near future; including [[:Category:OWASP Pantera Web Assessment Studio Project|Pantera]] (Web Assessment Studio Project), [[OWASP Autumn of Code 2006 - Projects: Web Goat | new WebGoat lessons]], and [[OWASP Autumn of Code 2006 - Projects: Owasp .Net Tools | OWASP Tiger]] (formally named Owasp.net Tools). The remaining two projects, [[OWASP Autumn of Code 2006 - Projects: WebScarab NG | WebScarab NX]] and [[OWASP Autumn of Code 2006 - Projects: Live CD | LiveCD]] have been granted 1 month project extensions.
+The end of 2006 marks an important time for OWASP with the successful completion of the Autumn of Code 2006. Four of the nine original projects have been completed and are now officially closed. The completed projects include [[:Category:OWASP CAL9000 Project|CAL9000]], [[OWASP SiteGenerator]], [[OWASP Report Generator]], the [[Testing_Guide]], and the [[OWASP Autumn of Code 2006 - Projects: Website and Branding | Owasp.org Website and Branding project]]. Additionally, three other projects are up for completion and will be finalized in the very near future; including [[:Category:OWASP Pantera Web Assessment Studio Project|Pantera]] (Web Assessment Studio Project), [[OWASP Autumn of Code 2006 - Projects: Web Goat | new WebGoat lessons]], and [[OWASP Autumn of Code 2006 - Projects: Owasp .Net Tools | OWASP Tiger]] (formally named Owasp.net Tools). The remaining two projects, [[OWASP Autumn of Code 2006 - Projects: WebScarab NG | WebScarab NX]] and [[OWASP Autumn of Code 2006 - Projects: Live CD | LiveCD]] have been granted 2 month project extensions.
-All projects have seen great developments which have been made possible by the hard work and efforts of our AoC participants, project leaders, and community members.
+All projects have seen great developments which have been made possible by the hard work and efforts of our AoC participants, project leaders, community members and owasp membership fees (used to pay the AoC sponsorships)
 ==== Featured Projects: ORG and OSG ====