Difference between revisions of "OWASP Newsletter 3"
Dinis.cruz (talk | contribs) (→Application Security News) |
Dinis.cruz (talk | contribs) (→OWASP Community) |
||
Line 29: | Line 29: | ||
==== OWASP Community ==== | ==== OWASP Community ==== | ||
− | + | *'''Feb 13 (18:00h) - [[Ireland|Ireland chapter meeting]]''' | |
+ | *'''Feb 6 (18:00h) - [[Melbourne|Melbourne chapter meeting]]''' | ||
+ | *'''Jan 31 (15:00h) - [[Mumbai|Mumbai chapter meeting]]''' | ||
+ | *'''Jan 30 (11:30h) - [[Austin|Austin chapter meeting]]''' | ||
+ | *'''Jan 25 (18:00h) - [[San Francisco| San Francisco chapter meeting]]''' | ||
+ | *'''Jan 25 (14:30h) - [[Italy#October_25th.2C_2007_-_Isaca_Rome|Italy@ISACA Rome]]''' | ||
+ | *'''Jan 24 (17:30h) - [[Israel#6th_OWASP_IL_meeting:_Wednesday.2C_January_24th_2007|6th OWASP Israel chapter meeting]]''' | ||
+ | *'''Jan 23 (18:00h) - [[Belgium|Belgium chapter meeting]]''' | ||
==== OWASP News Headlines ==== | ==== OWASP News Headlines ==== |
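Review bot: The added Jan 25 (14:30h) entry links to the anchor `Italy#October_25th.2C_2007_-_Isaca_Rome`, which names October 25th, 2007 rather than a January date, so the link target should be checked against the section heading on the Italy page before this goes out. The San Francisco entry on the line above it also has a stray space after the pipe in `[[San Francisco| San Francisco chapter meeting]]`, which should be removed so the label matches the other entries.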
Revision as of 19:30, 22 January 2007
This page will be used for the next newsletter. It follows the same format as OWASP Newsletter 1 and OWASP Newsletter 2.
OWASP News
{....}
OWASP Projects that need your help
- [Java Project]: Convert Mark Petrovic's article Discovering a Java Application's Security Requirements into the WIKI (contact Stephen de Vries if you are interested)
- [.Net Project]: Add PDP GnuCitizen AttackAPI to OWASP Site Generator and convert the PHP files into ASP.NET
Featured Projects:
OWASP Java Project
- How to perform HTML entity encoding in Java to prevent Cross Site Scripting attacks
- JAAS Tomcat Login Module - an example of how to implement a time delayed JAAS login module in Tomcat
- Securing Apache Tomcat - a guide for deployers on how to secure Apache Tomcat
- Hashing in Java - how to securely implement cryptographic hashing in Java
Latest additions to the WIKI
Updated pages
- OWASP student projects - Updated with new ideas for projects
- How OWASP Works - Updated information on OWASP's board current structure and future plans
- OWASP WebScarab NG Project Technical Info - Technical info about the OWASP WebScarab NG Project
OWASP Community
- Feb 13 (18:00h) - Ireland chapter meeting
- Feb 6 (18:00h) - Melbourne chapter meeting
- Jan 31 (15:00h) - Mumbai chapter meeting
- Jan 30 (11:30h) - Austin chapter meeting
- Jan 25 (18:00h) - San Francisco chapter meeting
- Jan 25 (14:30h) - Italy@ISACA Rome
- Jan 24 (17:30h) - 6th OWASP Israel chapter meeting
- Jan 23 (18:00h) - Belgium chapter meeting
OWASP News Headlines
{....}
Application Security News
- Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources', which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
- Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
- Hackers attack MoneyGram International server, breach personal info of 80,000 customers - A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
- Also worth a read: A Rude Awakening, Making Security Rewarding, Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software, Ajax Sniffer - Proof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT
OWASP references in the Media
{....}