Podcast 8 - Revision history

Jmanico at 22:08, 20 February 2009

2009-02-20T22:08:44Z

Jmanico at 09:42, 20 February 2009

2009-02-20T09:42:28Z

Jmanico at 06:28, 20 February 2009

2009-02-20T06:28:42Z

Jmanico at 06:28, 20 February 2009

2009-02-20T06:28:06Z

Dre: /* OWASP AppSec News */

2009-02-08T23:38:54Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-08T23:11:31Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-08T21:33:12Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-08T20:17:00Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-08T20:10:56Z

‎OWASP AppSec News

Dre: /* OWASP AppSec News */

2009-02-08T19:58:55Z

‎OWASP AppSec News

← Older revision		Revision as of 22:08, 20 February 2009
Line 5:		Line 5:

	[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3 mp3]		[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3 mp3]
		+
		+	Thank you to Dre for co-producing and preparing the news segments.<br/>
		+	Thank you to Marcin for "debugging" the early edits.

	==OWASP AppSec News==		==OWASP AppSec News==

@@ Line 4: / Line 4: @@
 Recorded First Week in February 2009
-[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 mp3]
+[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_8.mp3 mp3]
 ==OWASP AppSec News==

@@ Line 3: / Line 3: @@
 OWASP NEWS PART 1 February 2009<br/>
 Recorded First Week in February 2009
-[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]
+[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 mp3]
 ==OWASP AppSec News==

@@ Line 1: / Line 1: @@
 '''[[OWASP_Podcast|OWASP Podcast Series]] #8'''
-OWASP NEWS<br/>
+OWASP NEWS PART 1 February 2009<br/>
-Recording TBD
+Recorded First Week in February 2009
-<!-- - [http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 Listen Now owasp_podcast_7.mp3] -->
+ - [http://www.owasp.org/download/jmanico/owasp_podcast_7.mp3 mp3]
 [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png]

@@ Line 33: / Line 33: @@
 http://ounceopen.squarespace.com<br />
 The OWASP legend, Dinis Cruz and OunceLabs Advanced Research Team have a website for O2, or OunceOpen.  O2 was developed by Security Professionals FOR security professionals, and is designed to automate the security consultant's brain!<br/ >
-http://research.zscaler.com
+http://research.zscaler.com<br/ >

@@ Line 16: / Line 16: @@
 While many of you may be familiar with the ha.ckers.org RSnake XSS Cheat Sheet, Michael Coates and Nick Coblentz talk about the advantages of the OWASP XSS Prevention Cheat Sheet.  Michael says it's "cool" because it addresses: Injecting Up vs Injecting Down, Attribute Escaping, Javascripting Escaping, CSS Escaping, and URL Escaping<br/ >
 http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx<br />
 Bryan Sullivan and Michael Howard put together some information about the Top 25 Most Dangerious programming errors on the SDL blog, including a mapping of the Microsoft SDL to each Common Weakness, or CWE, and how to best address each weakness through education, threat-modeling, a specific Microsoft tool, and/or manual review<br/ >
 http://denimgroup.typepad.com/denim_group/2009/01/owasp-san-antonio-slide-deck-online.html<br/ >
@@ Line 22: / Line 23: @@
 Another presentation came across the blog world from Alex Smolen @ Foundstone.  He spoke at SoCal Code Camp on the "Top Ten Tips for Tenacious Defense in ASP.NET".  I know that a lot of people ask, "What are the specific protections that OWASP recommends, and which are out of beta or stable enough to use?"  Alex seems to have a prescription.<br/ >
 http://www.cgisecurity.com/2009/01/web-application-scanners-comparison.html<br />
 cgisecurity.com brings us a news piece on a recent web application security scanner comparison.  Someone named "anantasec" posted a 26-page evaluation of three commercial WASS tools. He tested 13 web applications, 3 demo applications provided by the vendors, and some tests to verify Javascript execution capabilities.<br/ >
 http://shreeraj.blogspot.com/2009/01/infosecworld-08-presenting-research.html<br />

@@ Line 28: / Line 28: @@
 jOHN Steven of Cigital posts on the Justice League blog about hybrid analysis tools.  jOHN approaches hybrid analysis from the stance that A) there are strengths to each tool and each type of analysis, and B) While unpopular today, it is valuable to drive dynamic testing efforts from static analysis results<br/ >
 http://jobsearchtech.about.com/od/educationfortechcareers/g/CSSLP.htm<br />
 http://ounceopen.squarespace.com<br />
 http://research.zscaler.com

@@ Line 13: / Line 13: @@
 http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project<br/>
 http://michael-coates.blogspot.com/2009/02/xss-prevention.html<br/>
-While many of you may be familiar with the ha.ckers.org RSnake XSS Cheat Sheet, Michael Coates talks about the advantages of the OWASP XSS Prevention Cheat Sheet.  He says it's cool because it addresses: Injecting Up vs Injecting Down, Attribute Escaping, Javascripting Escaping, CSS Escaping, and URL Escaping<br/ >
+http://nickcoblentz.blogspot.com/2009/01/owasps-xss-prevention-cheat-sheet.html<br />
 http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx<br />
 Bryan Sullivan and Michael Howard put together some information about the Top 25 Most Dangerious programming errors on the SDL blog, including a mapping of the Microsoft SDL to each Common Weakness, or CWE, and how to best address each weakness through education, threat-modeling, a specific Microsoft tool, and/or manual review<br/ >
@@ Line 25: / Line 26: @@
 Shreeraj Shah posted on his blog about an upcoming event that may be worth checking out.  He is speaking at Infosecworld on "Defending Against the Worst Web-Based Application Vulnerabilities in 2009", which is being held in Florida on Wednesday, March 11th. His "next generation" attack research includes topics such as SQL over JSON, XSS with RSS feeds, and XPATH over SOAP<br/ >
 http://www.cigital.com/justiceleague/2009/01/22/let-the-posturing-begin/<br />
-http://nickcoblentz.blogspot.com/2009/01/owasps-xss-prevention-cheat-sheet.html<br />
 http://jobsearchtech.about.com/od/educationfortechcareers/g/CSSLP.htm<br />
 http://ounceopen.squarespace.com<br />
 http://research.zscaler.com