Difference between revisions of "OWASP Newsletter 10"

(Latest additions to the WIKI)
 
(8 intermediate revisions by one other user not shown)
Line 1: Line 1:
''Sent to owasp-all mailing list on ?? May 2007''  
+
''Sent to owasp-all mailing list on 13 July 2007''  
 
==  OWASP Newsletter #10 (10-Jul-2007) ==
 
==  OWASP Newsletter #10 (10-Jul-2007) ==
Welcome to the 10th OWASP Newsletter. blablabla
+
Welcome to the 10th OWASP Newsletter covering:
 +
* 28,000 USD available for work selected OWASP Projects (July 2007 Batch)
 +
* The OWASP Moderated AppSec News Feed
 +
* (Past) OWASP on the Move Events
 +
* What's happening online at OWASP and in your chapters?
 +
* OWASP references in the Media
  
== Featured Item: The OWASP Moderated AppSec News Feed ==
+
Don't by shy to put YOUR stuff in the next [[OWASP Newsletter 11]].
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. [http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast The OWASP Moderated AppSec News Feed]
+
 
 +
regards,
 +
 
 +
Sebastien Deleersnyder
  
== Featured Project: tbd ==
+
Belgium/Luxemburg OWASP Chapter board member
  
== Latest additions to the WIKI ==
+
== Featured Item: 28,000 USD available for work selected OWASP Projects (July 2007 Batch) ==
Cross-Site Request Forgery
+
Now with the SpoC 007 (Spring of Code 2007) under way, Dinis would like to ask for proposals for OWASP projects that OWASP has funds (28,000 USD) specifically allocated to:
7th OWASP AppSec Conference - San Jose 2007
+
* '''OSG - OWASP Site Generator''' - Join Boris in his development of the new version of .NET's OSG (funds from SPI Dynamics and Cenzic membership fees)
OWASP Code Review Guide Table of Contents
+
* '''OWASP Corporate Application Security Rating Guide''' - Create and release the first version of this very important document ( funds from Cenzic membership fees)
First sweep of the code base
+
* '''Questions for SANS''' - Write 200 questions for SANS with a % of those questions made open to the OWASP community (funds directly allocated by SANS for this project)
Category:OWASP Web 2.0 Project
+
* '''Source Code Review OWASP Projects''' - Implement a workflow where all OWASP projects that use JAVA technology are automatically audited for security flaws (funds directly allocated by Fortify Software for this project)
Category:How To
+
* '''BlackTop project''' - Develop a runtime code analysis tool to be used by Penetration Testers during client engagements (funds directly allocated by Ounce Labs for this project).
Java Server Faces
 
OWASP Spring Of Code 2007 Project Management
 
Resource Injection
 
Repudiation Attack
 
Top 10 2007-Injection Flaws
 
Wiki sandbox
 
IPhone
 
WSS
 
Category:OWASP .NET Project
 
Template:Jobs Board
 
  
 +
You can find more details on this page: [http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects]
  
 +
== Featured Item: The OWASP Moderated AppSec News Feed ==
 +
This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. [http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast The OWASP Moderated AppSec News Feed]
  
 +
== (Past) OWASP on the Move Events ==
 +
* In [[Turkey]] Dinis will talk about OWASP World (tools, documents, projects,etc..)
 +
* In [[Belgium]] Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).
 +
The [[OWASP on the Move]] page allows you to find:
 +
* OWASP speakers to entertain OWASP presentations and that want to see the world
 +
* Local chapters or application security events that want to attract an OWASP speaker
 +
* OWASP sponsors that want to support spreading the OWASP message
  
Boston
+
== Latest additions to the WIKI ==
Turkey
+
*[[Cross-Site Request Forgery]]
Denver
+
*[[7th OWASP AppSec Conference - San Jose 2007]]
=> july2
+
*[[OWASP Code Review Guide Table of Contents]]
 +
*[[First sweep of the code base]]
 +
*[[:Category:OWASP Web 2.0 Project]]
 +
*[[:Category:How To]]
 +
*[[Java Server Faces]]
 +
*[[OWASP Spring Of Code 2007 Project Management]]
 +
*[[Resource Injection]]
 +
*[[Repudiation Attack]]
 +
*[[Top 10 2007-Injection Flaws]]
 +
*[[Wiki sandbox]]
 +
*[[IPhone]]
 +
*[[WSS]]
 +
*[[:Category:OWASP .NET Project]]
 +
*[[:Template:Jobs Board]]
 +
*[[Introduction]]
 +
*[[DN BOFinder]]
 +
*[[:Category:OWASP Web Application Security Put Into Practice]]
 +
*[[Cross Site Scripting]]
 +
*[[CSRF Guard]]
 +
*[[Top 10 2007-Cross Site Request Forgery]]
 +
*[[:Category:OWASP DirBuster Project]]
 +
*[[Appendix A: Testing Tools]]
 +
*[[OWASP Code Review Guide Table of Contents]]
 +
*[[Top 10 2007-Insecure Cryptographic Storage]]
 +
*[[Cryptography]]
 +
*[[Top 10 2007-Broken Authentication and Session Management]]
 +
*[[Avoiding SQL Injection]]
 +
*[[Reviewing Code for SQL Injection]]
 +
*[[Testing for SQL Injection  (OWASP-DV-005)|Testing for SQL Injection ]]
 +
*[[Top 10 2007-Injection Flaws]]
 +
*[[Guide to SQL Injection]]
 +
*[[Top 10 2007-Cross Site Scripting]]
 +
*[[:Category:OWASP Cookies Database]]
 +
*[[:Category:OWASP CLASP Project]]
 +
*[[:Category:OWASP Oracle Project]]
 +
*[[OWASP on the Move]]
 +
*[[Reviewing Cryptographic Code]]
 +
*[[:Category:OWASP XML Security Gateway Evaluation Criteria Project Latest]]
  
==== New Pages====
 
* tbd
 
  
==== Updated pages====  
+
==== Updated chapterpages ====  
 
Updated chapter pages:
 
Updated chapter pages:
* tbd
+
*[[Boston]]
Other pages:
+
*[[Turkey]]
* tbd
+
*[[Denver]]
 
+
*[[Spain]]
 +
*[[Phoenix/Tools]]
 +
*[[Taiwan OWASP 2007]]
 +
*[[Virginia (Northern Virginia)]]
 +
*[[Houston]]
 +
*[[Belgium]]
 +
*[[Boulder]]
 +
*[[NYNJMetro]]
 +
*[[Toronto]]
 +
*[[France]]
 +
*[[Minneapolis St Paul]]
 
==== New Documents & Presentations from chapters====  
 
==== New Documents & Presentations from chapters====  
* tbd
 
 
For a complete list of chapter presentations see [[OWASP_Education_Presentation|the online table of presentations]].
 
For a complete list of chapter presentations see [[OWASP_Education_Presentation|the online table of presentations]].
 
==== Latest Blog entries====
 
* tbd
 
  
 
==== OWASP Community====
 
==== OWASP Community====
OWASP and WASC have joined together to host a combined meetup at Blackhat USA 2007 in Las Vegas on Aug 1 from 8-9:30 at the Shadow Bar. Breach Security has stepped forward to sponsor the event. Please [http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf download the invite and RSVP]. Come and join us for a drink and meet other like minded people from the industry. NOTE: Those who have already RSVPed need not to RSVP again.  
+
OWASP and WASC have joined together to host a combined meetup at Blackhat USA 2007 in Las Vegas on Aug 1 from 8-9:30 at the Shadow Bar. Breach Security has stepped forward to sponsor the event. Please [http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf download the invite and RSVP]. Come and join us for a drink and meet other like minded people from the industry. NOTE: Those who have already RSVPed need not to RSVP again.
 
 
* tbd
 
 
 
==== Application Security News ====
 
* tbd
 
  
== OWASP references in the Media==
+
== OWASP references in the Media ==
* tbd
+
* [http://www.matasano.com/log/906/random-thoughts-on-owasp/ Random Thoughts On OWASP]
 +
* [http://ha.ckers.org/blog/20070520/owasp-austin/ RSnake at Austin Chapter]
 +
* [http://blog.php-security.org/archives/81-OWASP-Risk-Evaluation.html OWASP Risk Evaluation (and how a WIKI is great at correcting things on the fly)]
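Review bot: The added "Latest additions to the WIKI" list carries duplicate entries: [[OWASP Code Review Guide Table of Contents]] and [[Top 10 2007-Injection Flaws]] each appear twice, so one copy of each can be dropped. In the added intro text, "Don't by shy" should read "Don't be shy", "( funds from Cenzic membership fees)" has a stray space after the parenthesis, and "projects,etc..)" in the Turkey item should be "projects, etc.)". The added Community paragraph ends with "need not to RSVP again", which should be "need not RSVP again".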

Latest revision as of 22:42, 14 December 2008

Sent to owasp-all mailing list on 13 July 2007

OWASP Newsletter #10 (10-Jul-2007)

Welcome to the 10th OWASP Newsletter covering:

  • 28,000 USD available for work on selected OWASP Projects (July 2007 Batch)
  • The OWASP Moderated AppSec News Feed
  • (Past) OWASP on the Move Events
  • What's happening online at OWASP and in your chapters?
  • OWASP references in the Media

Don't be shy to put YOUR stuff in the next OWASP Newsletter 11.

regards,

Sebastien Deleersnyder

Belgium/Luxemburg OWASP Chapter board member

Featured Item: 28,000 USD available for work on selected OWASP Projects (July 2007 Batch)

Now with the SpoC 007 (Spring of Code 2007) under way, Dinis would like to ask for proposals for OWASP projects that OWASP has funds (28,000 USD) specifically allocated to:

  • OSG - OWASP Site Generator - Join Boris in his development of the new version of .NET's OSG (funds from SPI Dynamics and Cenzic membership fees)
  • OWASP Corporate Application Security Rating Guide - Create and release the first version of this very important document (funds from Cenzic membership fees)
  • Questions for SANS - Write 200 questions for SANS with a % of those questions made open to the OWASP community (funds directly allocated by SANS for this project)
  • Source Code Review OWASP Projects - Implement a workflow where all OWASP projects that use JAVA technology are automatically audited for security flaws (funds directly allocated by Fortify Software for this project)
  • BlackTop project - Develop a runtime code analysis tool to be used by Penetration Testers during client engagements (funds directly allocated by Ounce Labs for this project).

You can find more details on this page: http://www.owasp.org/index.php/Funds_available_for_OWASP_Projects

Featured Item: The OWASP Moderated AppSec News Feed

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. The OWASP Moderated AppSec News Feed: http://www.google.com/reader/public/atom/user/16712724397688793161/state/com.google/broadcast

(Past) OWASP on the Move Events

  • In Turkey Dinis will talk about OWASP World (tools, documents, projects, etc.)
  • In Belgium Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).

The OWASP on the Move page allows you to find:

  • OWASP speakers to entertain OWASP presentations and that want to see the world
  • Local chapters or application security events that want to attract an OWASP speaker
  • OWASP sponsors that want to support spreading the OWASP message

Latest additions to the WIKI


Updated chapterpages

Updated chapter pages:

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

OWASP Community

OWASP and WASC have joined together to host a combined meetup at Blackhat USA 2007 in Las Vegas on Aug 1 from 8-9:30 at the Shadow Bar. Breach Security has stepped forward to sponsor the event. Please download the invite and RSVP. Come and join us for a drink and meet other like-minded people from the industry. NOTE: Those who have already RSVPed need not RSVP again.

OWASP references in the Media