Difference between revisions of "OWASP Newsletter 14"

Revision as of 10:58, 29 February 2008

OWASP Newsletter #14 (xx-Feb-2008)

Welcome to the 14th edition of the OWASP Newsletter, featuring TBD and the TBD Project.

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 15.

Alison McNamee - OWASP Operations Director - [email protected]

Featured Item: Proposed OWASP Project Assessment

• OWASP has begun the process of stabilization its PROJECT ASSESSMENT CRITERIA. The objective is to have clear and objective requirements for OWASP project's deliverables (for both tools and documentation).
  • The current structure is still in flux, so please spend some time reviewing it and send us your comments.
  • The objective is to map all OWASP Projects to the proposed 3 project modes (Release Quality, Beta Quality and Alpha Quality) in the next couple months.

Featured Project: OWASP Spring of Code 2008 is about to be launched - March 3rd

• OWASP is about to launch the 'OWASP SUMMER OF CODE 2008' (SoC 2008). This follows the successfull OWASP Spring of Code 2007 (SpoC 07), in which 21 projects were sponsored with a budget of US$117,500, and the OWASP Autumn of Code 2006 (AoC 06), in which 9 projects were sponsored with a budget of US$20,000.
• The SoC 2008 is an open sponsorship program were participants/developers are paid to work on OWASP (and web security) related projects.
• The SoC 2008 is also an opportunity for external individual or company sponsors to challenge the participants/developers to work in areas in which they are willing to invest additional funding.
• For more details see:
  • OWASP Summer of Code 2008 - Main page of SoC 08
  • OWASP Summer of Code 2008 Press Release - Press release.
  • OWASP Summer of Code 2008 Applications - To submit applications.
  • OWASP Summer 0f Code 2008 : Selection - Jury's evaluation of applications.
  • Who Can Apply?
  • How To Participate (To Developers)
  • Schedule
  • Jury and Selection Criteria
  • Operational Rules
  • General Rules
  • SoC 2008 Budget

Latest additions to the WIKI

New Pages

• OWASP Summer of Code 2008
• OWASP Summer of Code 2008 Press Release
• OWASP Summer of Code 2008 Applications
• OWASP Summer of Code 2008 Applications - Proposal Type
• OWASP Summer of Code 2008 - Selection
• Control Template
• JSP JSTL
• ASDR Table of Contents

New Chapter Pages

• Bay Area Past Events
• Denver February 2008 Meeting
• South Africa

Updated Pages

• OWASP AppSec Europe 2008 - Belgium
• OWASP AJAX Security Project Roadmap
• Category:OWASP AJAX Security Project
• Testing for AJAX Vulnerabilities
• CSRF Guard 2x Roadmap
• Category:OWASP Testing Project
• OWASP DirBuster Project
• OWASP Project Assessment
• Front Range Web Application Security Summit Planning Page
• Reviewing Code for Data Validation

Updated chapter pages:

• Belgium
• Bay Area
• San Jose
• San Francisco Bay Area
• Boulder
• Denver
• Spain
• Latvia
• New Zealand
• Eugene
• Helsinki
• South Africa
• Greece
• Austin
• Memphis
• NYNJMetro

New Documents & Presentations from chapters

• French Translation of OWASP Top 10

For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media

• Your Client-Side Security Sucks
• The Changed Face of Cybercrime
• Authentication & Authorization Assumptions
• Locks are to keep the honest people out

Application Security News Feed