Difference between revisions of "Podcast 2"

  direct download

- Stephen Craig Evans is an independent software security consultant based in southeast Asia.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security. 

- OWASP Summer of Code project wiki, Securing WebGoat using ModSecurity
- OWASP Orizon Project
- Advice for those who want to contribute to a OWASP project
- Status of Web App Sec in the Asia/Pacific region

- Securing WebGoat using ModSecurity project main page
- Discussion of the project in OWASP Podcast #1 starting at the 58 minute mark
- Application Intrusion Prevention Systems - Fabrice Marie (Slides, HITB 2006 home page)
- Remo - Rule Editor for ModSecurity
- OWASP NYC AppSec 2008 Conference home page
- Building a tool for Security consultants: A story of a customized source code scanner - Dinis Cruz
- Ounce O2 web site
- The OWASP Orizon Project: towards version 1.0 - Paolo Perego (Slides)
- OWASP Orizon project
- Please post project questions/comments on the mailing list (subscribe here)

@@ Line 1: / Line 1: @@
-'''[https://www.owasp.org/index.php/Category:OWASP_PodCast OWASP Podcast Series] #2'''
+'''[[OWASP_Podcast | OWASP Podcast Series]] #2'''
+<br/>Interview with Stephen Craig Evans<br/>
+<b>Recorded December 20, 2008</b><br/>
+ [http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://images.apple.com/itunes/overview/images/overview-icon-itunes20081106.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] [http://www.owasp.org/download/jmanico/owasp_podcast_2.mp3 direct download]
-Recording December 20, 2008
+"For PCI Compliance,  its doesn't say that .. that your site<br/>
+has to be secure. It says you need to put in processes, and that<br/>
+you know, you have to act like you're trying..." - Stephen Craig Evans
-Participants
+== Participants ==
-  - Stephen Craig Evans
+  - Stephen Craig Evans is an independent software security consultant based in southeast Asia.
-  - Jim Manico is a Web Application Architect and Security Instructor for Aspect Security.
+  - Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.
-OWASP News
+== Interview with Stephen Craig Evans ==
-  - December 15, 2008 - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model]
+  - OWASP Summer of Code project wiki, [[OWASP_Securing_WebGoat_using_ModSecurity_Project|Securing WebGoat using ModSecurity]]
-  - December 10, 2008 - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution]
+  - OWASP Orizon Project
-  - December 8, 2008 - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook]
+ - Advice for those who want to contribute to a OWASP project
+  - Status of Web App Sec in the Asia/Pacific region
-Interview withStephen Craig Evans
+== Podcast References ==
-  - OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
+  - Securing WebGoat using ModSecurity [https://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project project main page]
+ - Discussion of the project in [https://www.owasp.org/index.php/Podcast_1 OWASP Podcast #1] starting at the 58 minute mark
-arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html
+ - [http://video.google.com/videoplay?docid=-5884267248089217481 Application Intrusion Prevention Systems - Fabrice Marie] ([http://www.packetstormsecurity.org/hitb06/DAY_1_-_Fabrice_Marie_-_AIPS.pdf Slides], [http://video.hitb.org/2006.html HITB 2006 home page])
-also looks like crazy news
+ - [http://remo.netnea.com/ Remo - Rule Editor for ModSecurity]
-running native code over the web
+ - [https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference OWASP NYC AppSec 2008 Conference home page]
-if your code passes a static analysis check
+ - [http://video.google.com/videoplay?docid=5269154656993046978 Building a tool for Security consultants: A story of a customized source code scanner - Dinis Cruz]
-is the static analyzer using whitelist or blacklist rules?
+ - [http://ounceopen.squarespace.com/ Ounce O2 web site]
-bypass = arbitrary native code, by design
+ - [http://video.google.com/videoplay?docid=-9104434795648450379 The OWASP Orizon Project: towards version 1.0 - Paolo Perego] ([http://www.owasp.org/index.php/Image:The_Owasp_Orizon_Project_Towards_version_1.0_v1.0.ppt#file Slides])
-fukami had some interesting findings in bypassing binary analysis
+ - [https://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon project]
-(in flash, but still interesting)
+ - Please post project questions/comments on the mailing list (subscribe [https://lists.owasp.org/mailman/listinfo/owasp-webgoat-using-modsecurity here])
-http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html
-thats big news
-michael zalewski dumped core
-Sent at 4:50 PM on Wednesday
-jim: one sec, brb
-Sent at 4:50 PM on Wednesday
-jim: have you seed
-https://www.owasp.org/index.php/Podcast_2
-seen...
-edit it man
-edit it
-its crying to be edited
-arshan: you want me to put my zings up there?
-it will be lame - we don't even need nodes
-notes*
-imho
-jim: please
-arshan: why listen when you can read the notes
-jim: bring on the magic arshan juice
-dont hold back
-arshan: makes it look so pre planned
-jim: first, you need to goto owasp.org and press the "login" button in the upper right

Difference between revisions of "Podcast 2"

Latest revision as of 02:34, 31 January 2009

Participants

Interview with Stephen Craig Evans

Podcast References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools