This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Newsletter 3"
From OWASP
Dinis.cruz (talk | contribs) (→Application Security News) |
Dinis.cruz (talk | contribs) (→Application Security News) |
||
| Line 39: | Line 39: | ||
* [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html Web Application Security Professionals Survey (Jan. 2007)] - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) ) | * [http://jeremiahgrossman.blogspot.com/2007/01/web-application-security-professionals.html Web Application Security Professionals Survey (Jan. 2007)] - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) ) | ||
| − | + | * [http://www.securityfocus.com/news/11436?ref=rss Don't take security advice from the devil you know!] - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right. | |
| + | |||
| + | * [http://www.scmagazine.com/asia/news/article/626120/hackers-attack-moneygram-international-server-breach-personal-info-80000-customers/ Hackers attack MoneyGram International server, breach personal info of 80,000 customers]''' - A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday. | ||
| + | |||
| + | * Also worth a read: [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html A Rude Awakening] , [http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html Making Security Rewarding] [http://www.onjava.com/lpt/a/6844 Discovering a Java Application's Security Requirements], [http://www.darkreading.com/document.asp?doc_id=115110&WT.svl=news1_1 Security Startups Make Debut], [http://www.eweek.com/article2/0,1895,2085461,00.asp Source Code Specialist Fortify to Buy Secure Software] , [http://myappsecurity.blogspot.com/2007/01/ajax-sniffer-prrof-of-concept.html Ajax Sniffer - Prrof of concept], [http://portal.spidynamics.com/blogs/msutton/ Decoding the Google Blacklist], [http://newsroom.eworldwire.com/view_release.php?id=16273 Visual WebGui Announces The Dot.Net Answer To Google's GWT] | ||
== OWASP references in the Media == | == OWASP references in the Media == | ||
{....} | {....} | ||
Revision as of 19:29, 22 January 2007
Using the same format as used in OWASP Newsletter 1 and OWASP Newsletter 2 this is the page that will be used for the next Newsletter
OWASP News
{....}
OWASP Projects that need your help
- [Java Project]: Convert Mark Petrovic's article Discovering a Java Application's Security Requirements into the WIKI (contact Stephen de Vries if you are interrested)
- [.Net Project]: Add PDP GnuCitizen AttackAPI to OWASP Site Generator and convert the php files into ASP.NET
Featured Projects:
OWASP Java Project
- How to perform HTML entity encoding in Java to prevent Cross Site Scripting attacks
- JAAS Tomcat Login Module - an example of how to implement a time delayed JAAS login module in Tomcat
- Securing Apache Tomcat - a guide for deployers on how to secure Apache Tomcat
- Hashing in Java - how to securely implement cryptographic hashing in Java
Latest additions to the WIKI
Updated pages
- OWASP student projects - Updated with new ideas for projects
- How OWASP Works - Updated information on OWASP's board current structure and future plans
- OWASP WebScarab NG Project Technical Info - Technical info about the OWASP WebScarab NG Project
OWASP Community
{....}
OWASP News Headlines
{....}
Application Security News
- Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
- Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
- Hackers attack MoneyGram International server, breach personal info of 80,000 customers - A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
- Also worth a read: A Rude Awakening , Making Security Rewarding Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software , Ajax Sniffer - Prrof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT
OWASP references in the Media
{....}
