OWASP Newsletter 2 - Revision history

Dinis.cruz: Protected "OWASP Newsletter 2": Email Sent, content is static now [edit=sysop:move=sysop]

2007-01-16T14:44:07Z

Protected "OWASP Newsletter 2": Email Sent, content is static now [edit=sysop:move=sysop]

OWASP at 12:55, 16 January 2007

2007-01-16T12:55:18Z

Dinis.cruz at 12:05, 16 January 2007

2007-01-16T12:05:41Z

Dinis.cruz at 12:04, 16 January 2007

2007-01-16T12:04:42Z

Dinis.cruz at 11:38, 16 January 2007

2007-01-16T11:38:29Z

Dinis.cruz at 11:28, 16 January 2007

2007-01-16T11:28:48Z

Dinis.cruz: /* OWASP News */

2007-01-16T11:13:31Z

‎OWASP News

Dinis.cruz: /* Latest Blog Entries */

2007-01-16T11:12:42Z

‎Latest Blog Entries

Dinis.cruz: /* Featured Projects: {TBD} */

2007-01-16T11:10:55Z

‎Featured Projects: {TBD}

Dinis.cruz: /* OWASP News Headlines (from owasp.org website) */

2007-01-16T11:02:26Z

‎OWASP News Headlines (from owasp.org website)

@@ Line 3: / Line 3: @@
 ''' OWASP Newsletter #2 – January 8th 2006 to January 15th 2006'''
-Hello, here is another newsletter with tons of links and information about what is happening at OWASP.
+Hello, here is another newsletter with tons of links and information about what is happening at OWASP. If you want something to appear in the next version, please add it to [[OWASP Newsletter 3]]
 Dinis Cruz
@@ Line 12: / Line 10: @@
 ====  OWASP News ====
 * [[ORG (OWASP Report Generator)]] - New release of [http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi| ORG Installer] (1/15/2007)
 * [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - Download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos]
@@ Line 72: / Line 72: @@
 ====  Latest additions to the WIKI ====
 '''New pages'''
-* [[OWASP Testing Project v2.0 - Review Guidelines]] - Support page for the OWASP Testing Project V2.0 Review effortw where you will find more details on how to participate in this collaborative review process.
+* [[OWASP Testing Project v2.0 - Review Guidelines]] - Support page for the OWASP Testing Project V2.0 Review effort where you will find more details on how to participate in this collaborative review process.
 * [[Chapter Leader Handbook]] - Handbook for new and experienced chapter leaders on leading an active chapter community.
 * [[OWASP WebScarab NG Project]] - Rogan details his work on the new version of WebScarab
@@ Line 129: / Line 129: @@
 * [http://au.sys-con.com/read/322897.htm Sprajax Author – AJAX Security Tool – To Speak at AJAXWorld 2007], SYS-CON Media, NJ - Jan 13, 2007
 * [http://www.computerweekly.com/Articles/2007/01/11/221120/web-application-security-vulnerabilities-by-the-numbers.htm Web application security vulnerabilities by the numbers], ComputerWeekly.com, UK - Jan 11, 2007
-* This one is actual an mistake from  PSC Group LLC , since there is currently no relationship with them an OWASP (note: I email them and they corrected this on their website) [http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070109005299&newsLang=en Fujitsu’s GlobalSTORE Software Completes Visa’s Payment ...], Business Wire (press release), CA - Jan 9, 2007   (there is a major typo in this article (OWASP related), see if you can spot it :) )
+* This one is actual an mistake from PSC Group LLC, since there is currently no relationship with them an OWASP (note: I emailed them and they corrected this on their website) [http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070109005299&newsLang=en Fujitsu’s GlobalSTORE Software Completes Visa’s Payment ...], Business Wire (press release), CA - Jan 9, 2007   (there is a major typo in this article (OWASP related), see if you can spot it :) )
 * [http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/01-09-2007/0004502553&EDATE= WhiteHat Security Announces Risk-Free Competitive Trade-Up Program], PR Newswire (press release), NY - Jan 9, 2007
 __NOEDITSECTION__

@@ Line 1: / Line 1: @@
 ''Sent to owasp-all mailing list on 16th Jan 2007''
-''' OWASP Newsletter #1 – January 8th 2006 to January 15th 2006'''
+''' OWASP Newsletter #2 – January 8th 2006 to January 15th 2006'''
 Hello, here is another newsletter with tons of links and information about what is happening at OWASP.

@@ Line 8: / Line 8: @@
 Dinis Cruz
 ====  OWASP News ====
@@ Line 35: / Line 37: @@
 Apart from some shameless marketing plus and its [http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/01-09-2007/0004502553&EDATE= real intention with this paper], WhiteHat Security has published a good paper on the limitations of Web Application Security Scanners capabilities to detect the [OWASP_Top_Ten_Project OWASP Top 10] vulnerabilities (which btw, all vendors claim they do). I actually think that the examples are quite basic, but they are good enough for the argument presented.
-You can download the page from [http://www.whitehatsec.com/home/assets/OWASPTop10ScannersF.pdf]
+You can download this paper from [http://www.whitehatsec.com/home/assets/OWASPTop10ScannersF.pdf]
 Quote: ''"The OWASP Top Ten is a list of the most critical web application
@@ Line 129: / Line 131: @@
 * This one is actual an mistake from  PSC Group LLC , since there is currently no relationship with them an OWASP (note: I email them and they corrected this on their website) [http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070109005299&newsLang=en Fujitsu’s GlobalSTORE Software Completes Visa’s Payment ...], Business Wire (press release), CA - Jan 9, 2007   (there is a major typo in this article (OWASP related), see if you can spot it :) )
 * [http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/01-09-2007/0004502553&EDATE= WhiteHat Security Announces Risk-Free Competitive Trade-Up Program], PR Newswire (press release), NY - Jan 9, 2007

@@ Line 12: / Line 12: @@
 * [[ORG (OWASP Report Generator)]] - New release of [http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi| ORG Installer] (1/15/2007)
 * [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - Download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos]
@@ Line 39: / Line 30: @@
 ; '''[[PDF Attack Filter for Java EE|Adobe XSS Filter for Java EE]]
 : This filter protects against the recent XSS attacks on PDF files. By using a redirect and an encrypted token, this filter ensures that dangerous attacks are not passed into the Adobe reader plugin.
 ====  Latest Blog Entries from blogs.owasp.org ====
@@ Line 109: / Line 119: @@
 ; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Vulnerability Disclosure: The Good, the Bad and the Ugly]'''
 :''More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?'', three good articles: [http://www2.csoonline.com/exclusives/column.html?CID=28071 Microsoft: Responsible Vulnerability Disclosure Protects Users] , [http://www2.csoonline.com/exclusives/column.html?CID=28073 Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’], [http://www2.csoonline.com/exclusives/column.html?CID=28072 The Vulnerability Disclosure Game: Are We More Secure?] and [http://www.csoonline.com/read/010107/fea_vuln.html The Chilling Effect]

@@ Line 1: / Line 1: @@
-Using the same format as used in [[OWASP Newsletter 1]] this is the page that will be used for the next Newsletter
+''Sent to owasp-all mailing list on 16th Jan 2007''
 ====  OWASP News ====
 * [[ORG (OWASP Report Generator)]] - New release of [http://sourceforge.net/project/downloading.php?group_id=64424&use_mirror=osdn&filename=ORG_v0.88.msi| ORG Installer] (1/15/2007)
 * [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - Download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos]
 ====  Featured Projects ====
@@ Line 10: / Line 28: @@
 *  [[:Category:OWASP Testing Project]] - As per my last email to you, we have started a review process for new version of the OWASP Testing Guide v2 (which you can you can read it on line [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents  Testing Guide v2 wiki - 'Release Candidate 1'] or view it in in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_pdf.zip Adobe PDF format] or [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_doc.zip Ms Doc format]). If you want to participate in this review see the [[OWASP_Testing_Project_v2.0_-_Review_Guidelines]] page.
 ==== Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS====

← Older revision	Revision as of 14:44, 16 January 2007
(No difference)

@@ Line 20: / Line 20: @@
 : This filter protects against the recent XSS attacks on PDF files. By using a redirect and an encrypted token, this filter ensures that dangerous attacks are not passed into the Adobe reader plugin.
-====  Latest Blog Entries ====
+====  Latest Blog Entries from blogs.owasp.org ====
 * from [http://blogs.owasp.org/eoinkeary/ Eoin Keary] blog
 ** [http://blogs.owasp.org/eoinkeary/2007/01/11/owasp-testing-guide-v20/ OWASP Testing Guide v2.0], January 11th, 2007

@@ Line 5: / Line 5: @@
 * [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Live_CD OWASP Live CD] Beta Release  - You can download it from [http://www.packetfocus.com/hackos| http://www.packetfocus.com/hackos ]
-====  Featured Projects: {TBD} ====
+====  Featured Projects ====
 ==== Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS====

@@ Line 81: / Line 81: @@
 *'''Jan 16 (17:45h) - [[Edmonton|Edmonton chapter meeting]]'''
-====  OWASP News Headlines (from owasp.org website) ====
 ====  Application Security News (from Owasp.org) ====