Podcast 12 - Revision history

Jmanico at 09:39, 13 May 2009

2009-05-13T09:39:39Z

Jmanico at 04:17, 12 March 2009

2009-03-12T04:17:50Z

Jmanico at 04:19, 7 March 2009

2009-03-07T04:19:15Z

Jmanico at 05:42, 1 March 2009

2009-03-01T05:42:51Z

Jmanico at 05:42, 1 March 2009

2009-03-01T05:42:35Z

Dre: /* OWASP AppSec News */

2009-02-26T23:19:04Z

‎OWASP AppSec News

Jmanico at 23:17, 26 February 2009

2009-02-26T23:17:24Z

Dre: /* OWASP AppSec News */

2009-02-26T02:15:00Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-26T02:12:19Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-26T02:11:46Z

‎OWASP AppSec News

@@ Line 2: / Line 2: @@
 OWASP Interview with Ryan C. Barnett<br/>
-Recorded February 23th and 26th, 2009
+Recorded February 23th and 26th, 2009<br/>
   [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 mp3]

@@ Line 4: / Line 4: @@
 Recorded February 23th and 26th, 2009
-  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!--[http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 mp3] -->
+  [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 mp3]
 ==Participants==

@@ Line 8: / Line 8: @@
 ==Participants==
 <ul>
-<li> <b>Ryan C. Barnett</b> is the Director of Application Security Research at Breach Security. He is also a Faculty Member for the SANS Institute, Team Lead for the Center for Internet Security Apache Benchmark Project and a Member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache." Ryan can be reached at: ryan.barnett(at)breach.com </li>
+<li> <b>Ryan C. Barnett</b> is the Director of Application Security Research at Breach Security. He is also the Project Leader for the OWASP ModSecurity Core RuleSet Project, a faculty member for the SANS Institute, a Team Lead for the Center for Internet Security Apache Benchmark Project and a Member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache." Ryan can be reached at: ryan.barnett(at)breach.com </li>
 </ul>

@@ Line 1: / Line 1: @@
 '''[[OWASP_Podcast|OWASP Podcast Series]] #12'''
-OWASP Interview with Ryan Barnett<br/>
+OWASP Interview with Ryan C. Barnett<br/>
 Recorded February 23th and 26th, 2009
@@ Line 8: / Line 8: @@
 ==Participants==
 <ul>
-<li> Ryan C. Barnett is the Director of Application Security Research at Breach Security. He is also a Faculty Member for the SANS Institute, Team Lead for the Center for Internet Security Apache Benchmark Project and a Member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache." Ryan can be reached at: ryan.barnett(at)breach.com </li>
+<li> <b>Ryan C. Barnett</b> is the Director of Application Security Research at Breach Security. He is also a Faculty Member for the SANS Institute, Team Lead for the Center for Internet Security Apache Benchmark Project and a Member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache." Ryan can be reached at: ryan.barnett(at)breach.com </li>
 </ul>

@@ Line 1: / Line 1: @@
-'''[[OWASP_Podcast|OWASP Podcast Series]] #3'''
+'''[[OWASP_Podcast|OWASP Podcast Series]] #12'''
-OWASP NEWS March 2009<br/>
+OWASP Interview with Ryan Barnett<br/>
-Recording TBD
+Recorded February 23th and 26th, 2009
-==OWASP AppSec News==
+ [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!--[http://www.owasp.org/download/jmanico/owasp_podcast_12.mp3 mp3] -->
-Feb 10 - https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/business/1093-BSI.html<br/ >
-The Build Security In website asks "What measures do vendors use for software assurance?". Jeremy Epstein performed a study with 8 independent software vendors about their techniques and motivations for implementing an internal software assurance program similar in theory to the Microsoft SDL.<br/ >
+==Participants==
-Feb 11 - http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2009/02/10/an-unfortunate-case-of-learned-behavior.aspx<br />
+<ul>
-Rafal Los of HP postulates that all tools and all human testers have shortcomings, demonstrated by the fact that there are so many inconsistencies in pen-testing activities.<br/ >
+<li> Ryan C. Barnett is the Director of Application Security Research at Breach Security. He is also a Faculty Member for the SANS Institute, Team Lead for the Center for Internet Security Apache Benchmark Project and a Member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache." Ryan can be reached at: ryan.barnett(at)breach.com </li>
-Feb 13 - http://www.cigital.com/justiceleague/2009/02/13/do-cloud-based-apps-destroy-web-app-security/<br/ >
+</ul>

@@ Line 6: / Line 6: @@
 ==OWASP AppSec News==
 Feb 10 - https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/business/1093-BSI.html<br/ >
-BSI asks "What measures do vendors use for software assurance?"<br/ >
+The Build Security In website asks "What measures do vendors use for software assurance?". Jeremy Epstein performed a study with 8 independent software vendors about their techniques and motivations for implementing an internal software assurance program similar in theory to the Microsoft SDL.<br/ >
 Feb 11 - http://www.communities.hp.com/securitysoftware/blogs/rafal/archive/2009/02/10/an-unfortunate-case-of-learned-behavior.aspx<br />
-Rafal Los of HP talks about tools<br/ >
+Rafal Los of HP postulates that all tools and all human testers have shortcomings, demonstrated by the fact that there are so many inconsistencies in pen-testing activities.<br/ >
 Feb 13 - http://www.cigital.com/justiceleague/2009/02/13/do-cloud-based-apps-destroy-web-app-security/<br/ >
 Feb 19 - http://nickcoblentz.blogspot.com/2009/02/create-security-strategy-before.html<br/ >
-Scott Matsumoto waxes philosophical about the effect of cloud computing on web applications<br/ >
+Scott Matsumoto waxes philosophical about the effect of cloud computing on web applications, while Nick Coblentz discusses plans for web application security integration with cloud computing.<br/ >
 Feb 14 - http://wivet.googlecode.com<br/ >
-Wivet, a benchmarking project that aims to statistically analyze web link extractors (i.e. gauge the quality of web application security scanners) recently released version 3 and updated their wiki with new information about scanner results and a future look through their wishlist<br/ >
+Wivet, a benchmarking project that aims to statistically analyze web link extractors (that is - gauge the quality of a web application security scanner's ability to crawl) recently released version 3 and updated their wiki with new information about scanner results and a future look through their wishlist.<br/ >
 Feb 16 - http://www.owasp.org/index.php/Cincinnati#November_Meeting<br/ >
-The OWASP local chapter in Cincinnati has recently posted a presentation given in November 2008 by Jeremiah Blatz on "Web Application Hacking for Developers"<br/ >
+The OWASP local chapter in Cincinnati has recently posted a presentation given in November 2008 by Jeremiah Blatz of Foundstone on "Web Application Hacking for Developers".<br/ >
 Feb 18 - http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Smith<br/ >
-The powerpoints and whitepapers for BlackHat DC 2009 were made available, including a fabulous presentation from Colin Ames, Delchi, and Val Smith on "Dissecting Web Attacks"<br/ >
+The presentaitons and whitepapers for BlackHat DC 2009 were made available, including a fabulous presentation from Colin Ames, Delchi, and Val Smith on "Dissecting Web Attacks".<br/ >
 Feb 15 - http://www.dragoslungu.com/2009/02/15/gartner-magic-quadrant-on-static-application-security-testing-feb-2009/<br />
 Feb 20 - http://www.cigital.com/justiceleague/2009/02/19/gartner-and-static-analysis/<br/ >
@@ Line 24: / Line 23: @@
 John Steven at Cigital weighs in with his SAST views<br/ >
 Feb 20 - http://www.securitycatalyst.com/the-balkanization-of-web-application-security/<br/ >
-Bill Pennington theorizes, "most people in the web application security space are specialist in one particular area, source code review, black box testing, web application firewalls or developer training. This lack of knowledge of the other solutions generally breeds fear and contempt".<br/ >
+Bill Pennington theorizes, "most people in the web application security space are a specialist in one particular area, source code review, black box testing, web application firewalls or developer training. This lack of knowledge of the other solutions generally breeds fear and contempt".<br/ >
 Feb 22 - http://appsecnotes.blogspot.com/2009/02/dirbuster-shoots-and-scores.html<br/ >
-Dave Ferguson discusses the OWASP DirBuster tool, developed by James Fisher<br/ >
+Dave Ferguson discusses the OWASP DirBuster tool, developed by James Fisher.<br/ >
 Feb 22 - http://funkatron.com/site/comments/safely-parsing-json-in-javascript/<br/ >
-A discussion about safely parsing JSON in Javascript, which includes Douglas Crocker's prescriptions<br/ >
+A discussion about safely parsing JSON in Javascript, which includes Douglas Crocker's prescriptions.<br/ >
-Feb 24 - http://www.infosecramblings.com/2009/02/24/insecure-magazine-20-is-out/<br/ >
+Feb 25 - http://shreeraj.blogspot.com/2009/02/article-on-web-2.html<br/ >
-Kevin Riggins brings attention to the latest issue of INSECURE magazine, issue 20.  The recent magazine includes an article on "Web 2.0 case studies: challenges, approaches and vulnerabilities"<br/ >
+Shreeraj Shah brings attention to the latest issue of INSECURE magazine, issue 20.  The recent magazine includes his article on "Web 2.0 case studies: challenges, approaches and vulnerabilities".<br/ >
 <br/ >
 Society of Payment Security Professionals<br/ >
 https://www.paymentsecuritypros.com/en/articles/search.asp?category=Articles<br/ >
 https://www.paymentsecuritypros.com/en/users/login.asp?/appsecurityusergroup/index.asp<br/ >
-SPSP has recently posted information about Education and Training Validity, as well as Certification Validation.  Ed Bellis of Orbitz and Trey Ford of WhiteHatSec are heading up the AppSec working group within SPSP, but the information about the group and wiki are currently members only<br/ >
+SPSP has recently posted information about Education and Training Validity, as well as Certification Validation.  Ed Bellis of Orbitz and Trey Ford of WhiteHatSec are heading up the AppSec working group within SPSP, but the information about the group and wiki are currently members only.<br/ >
 <br/ >
 Safari and GIFAR<br/ >
@@ Line 41: / Line 42: @@
 Feb 24 - http://riosec.com/updates-on-gifar-vulnerability<br/ >
 Feb 25 - http://www.cgisecurity.com/2009/02/apple-goes-public-with-security-in-safari-4.html<br/ >
-Billy Rios speaks about the recent Safari security bugs and GIFAR.  Robert Auger speaks to the recent security improvements upcoming in Safari version 4<br/ >
+Billy Rios speaks about the recent Safari security bugs and GIFAR.  Robert Auger speaks to the recent security improvements upcoming in Safari version 4.<br/ >
 <br/ >
 OWASP Software Assurance Day 2009