Difference between revisions of "Podcast News"
From OWASP
m |
| Line 17: | Line 17: | ||
==OWASP AppSec News== | ==OWASP AppSec News== | ||
| − | 4/0 Data Loss dB - http://preview.tinyurl.com/qxrbqm <br /> | + | ;4/0 Data Loss dB - http://preview.tinyurl.com/qxrbqm <br /> |
| − | (5) Hacked websites that hit the news this month.<br /> | + | :(5) Hacked websites that hit the news this month.<br /> |
| − | 4/2 http://www.securitybalance.com/2009/04/mq-one-of-the-blind-spots/<br /> | + | ;4/2 http://www.securitybalance.com/2009/04/mq-one-of-the-blind-spots/<br /> |
| − | Augusto Paes de Barros from the Security Balance blog posts about message queue security<br /> | + | :Augusto Paes de Barros from the Security Balance blog posts about message queue security<br /> |
| − | 4/3 http://i8jesus.com/?p=37<br /> | + | ;4/3 http://i8jesus.com/?p=37<br /> |
| − | Arshan Dabirsiaghi posts on his blog about Browser scheme/slash quirks<br /> | + | :Arshan Dabirsiaghi posts on his blog about Browser scheme/slash quirks<br /> |
| − | + | ;4/7 http://michael-coates.blogspot.com/2009/04/ssl-whos-to-blame.html<br /> | |
| − | + | :Michael Coates talks about SSL and who is to blame: webites, browsers, or users?<br /> | |
| − | 4/7 http://michael-coates.blogspot.com/2009/04/ssl-whos-to-blame.html<br /> | + | ;4/8 http://blog.portswigger.net/2009/04/using-burp-extender.html<br /> |
| − | Michael Coates talks about SSL and who is to blame: webites, browsers, or users?<br /> | + | :PortSwigger adds some interesting information about using the Burp Extender<br /> |
| − | 4/8 http://blog.portswigger.net/2009/04/using-burp-extender.html<br /> | + | ;4/9 http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html<br /> |
| − | PortSwigger adds some interesting information about using the Burp Extender<br /> | + | :Michael Coates asks the question, "[which] universities out there are offering classes which address web application security?"<br /> |
| − | 4/9 http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html<br /> | + | ;4/9 http://blogs.msdn.com/sdl/archive/2009/04/09/improving-security-with-url-rewriting.aspx<br /> |
| − | Michael Coates asks the question, "[which] universities out there are offering classes which address web application security?"<br /> | + | :Bryan Sullivan talks about improving web application security with URL Rewriting<br /> |
| − | 4/9 http://blogs.msdn.com/sdl/archive/2009/04/09/improving-security-with-url-rewriting.aspx<br /> | + | ;4/12 http://aboulton.blogspot.com/2009/04/security-assessing-java-rmi-slides.html<br /> |
| − | Bryan Sullivan talks about improving web application security with URL Rewriting<br /> | + | :Adam Boulton's OWASP presentation on Security Assessing Java RMI has been made available on his blog<br /> |
| − | 4/12 http://aboulton.blogspot.com/2009/04/security-assessing-java-rmi-slides.html<br /> | + | ;4/12 http://shiflett.org/blog/2009/apr/a-rev-canonical-http-header<br /> |
| − | Adam Boulton's OWASP presentation on Security Assessing Java RMI has been made available on his blog<br /> | + | :Chris Shiflett sugggets #revcanonical HTTP Header<br /> |
| − | 4/12 http://shiflett.org/blog/2009/apr/a-rev-canonical-http-header<br /> | + | ;4/16 http://www.informit.com/articles/article.aspx?p=1338343<br /> |
| − | Chris Shiflett sugggets #revcanonical HTTP Header<br /> | + | :http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ Gary McGraw uses statistics to show that Software Security has come of age<br /> |
| − | 4/16 http://www.informit.com/articles/article.aspx?p=1338343<br /> | + | ;4/17 http://research.zscaler.com/2009/04/we-used-to-laugh-at-xss.html<br /> |
| − | http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ | + | :Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)<br /> |
| − | Gary McGraw uses statistics to show that Software Security has come of age<br /> | + | ;4/17 http://jeremiahgrossman.blogspot.com/2009/04/software-security-grew-to-nearly-500m.html<br /> |
| − | 4/17 http://research.zscaler.com/2009/04/we-used-to-laugh-at-xss.html<br /> | + | :Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing<br /> |
| − | Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)<br /> | + | ;4/17 http://jeremiahgrossman.blogspot.com/2009/04/website-threats-and-their-capabilities.html<br /> |
| − | 4/17 http://jeremiahgrossman.blogspot.com/2009/04/software-security-grew-to-nearly-500m.html<br /> | + | :OWASP Catalyst announced<br /> |
| − | Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing<br /> | + | ;4/20 http://paco.to/?p=305<br /> |
| − | 4/17 http://jeremiahgrossman.blogspot.com/2009/04/website-threats-and-their-capabilities.html<br /> | + | :Paco lists 5 reasons for software certifications<br /> |
| − | OWASP Catalyst announced<br /> | + | ;4/20 http://www.greensheet.com/newswire.php?newswire_id=11693<br /> |
| − | 4/20 http://paco.to/?p=305<br /> | + | :Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect which is the industry's first Software-as-as-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS<br /> |
| − | Paco lists 5 reasons for software certifications<br /> | + | ;4/20 http://labs.securitycompass.com/index.php/2009/04/20/security-analysis-of-core-j2ee-design-patterns/<br /> |
| − | 4/20 http://www.greensheet.com/newswire.php?newswire_id=11693<br /> | + | :Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"<br /> |
| − | Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect which is the industry's first Software-as-as-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS<br /> | + | ;4/21 http://docs.google.com/Doc?id=dd7x5smw_16hdd34ggz<br/> |
| − | 4/20 http://labs.securitycompass.com/index.php/2009/04/20/security-analysis-of-core-j2ee-design-patterns/<br /> | + | :mario heiderich posts some results of browser fuzzing on extraneous characters in tags<br/> |
| − | Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"<br /> | + | ;4/22 http://plynt.com/blog/2009/04/how-frequently-should-an-appli/<br /> |
| − | 4/21 http://docs.google.com/Doc?id=dd7x5smw_16hdd34ggz<br/> | + | :The Plynt blog asks the question, "How frequently shoud Applications be Tested?"<br /> |
| − | mario heiderich posts some results of browser fuzzing on extraneous characters in tags<br/> | + | ;4/24 http://www.owasp.org/index.php/Man_vs._Code<br /> |
| − | 4/22 http://plynt.com/blog/2009/04/how-frequently-should-an-appli/<br /> | + | :Mike Boberski of the OWASP ASVS Project posts a wiki article about using Notepad++ to syntax highlight PHP code<br /> |
| − | The Plynt blog asks the question, "How frequently shoud Applications be Tested?"<br /> | + | ;4/25 http://shreeraj.blogspot.com/2009/04/web2proxy-beta-web-20-application-proxy.html<br /> |
| − | 4/24 http://www.owasp.org/index.php/Man_vs._Code<br /> | + | :Shreeraj Shah releases a new tool, Web2Proxy, which is a Web 2.0 Application Proxy, Profiling, and Fuzzing Tool<br /> |
| − | Mike Boberski of the OWASP ASVS Project posts a wiki article about using Notepad++ to syntax highlight PHP code<br /> | + | ;4/26 http://enablesecurity.com/2009/04/26/the-state-of-web-application-security-and-their-firewalls/<br /> |
| − | 4/25 http://shreeraj.blogspot.com/2009/04/web2proxy-beta-web-20-application-proxy.html<br /> | + | :Wendel Guglielmetti Henrique from Trustwave and Sandro Gauchi of EnableSecurity spoke at TROOPERS09 in Munch about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"<br /> |
| − | Shreeraj Shah releases a new tool, Web2Proxy, which is a Web 2.0 Application Proxy, Profiling, and Fuzzing Tool<br /> | + | ;4/27 http://tacticalwebappsec.blogspot.com/2009/04/scanner-and-waf-data-sharing.html<br /> |
| − | 4/26 http://enablesecurity.com/2009/04/26/the-state-of-web-application-security-and-their-firewalls/<br /> | + | :Ryan Barnett gives guidance on how best to make VA+WAF work together<br /> |
| − | Wendel Guglielmetti Henrique from Trustwave and Sandro Gauchi of EnableSecurity spoke at TROOPERS09 in Munch about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"<br /> | + | ;4/27 http://www.owasp.org/index.php/Category:OWASP_PCI_Project <br /> |
| − | 4/27 http://tacticalwebappsec.blogspot.com/2009/04/scanner-and-waf-data-sharing.html<br /> | + | :Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance. |
| − | Ryan Barnett gives guidance on how best to make VA+WAF work together<br /> | ||
| − | 4/27 http://www.owasp.org/index.php/Category:OWASP_PCI_Project <br /> | ||
| − | Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance. | ||
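Review bot: the 4/16 entry on the new side merges two links into one item: the InformIT URL sits on the `;4/16` term line with no description of its own, and the Cigital URL is pasted at the front of the `:` description line ("http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ Gary McGraw uses statistics ..."). Every other entry is one dated `;` line per link followed by one `:` line of description, so split this into two `;4/16` / `:` pairs (or drop the URL that has no description) to keep the list uniform. Two smaller consistency points in the same block: the 4/21 lines close with `<br/>` while every other line uses `<br />`, and once the entries are `;`/`:` definition-list items the trailing `<br />` on each line is redundant, since each term and definition already renders as its own block. The spelling errors present on the old side are carried over unchanged on the new side ("webites", "sugggets", "Software-as-as-Service", "shoud", "Munch", lowercase "mario heiderich") and could be corrected in the same edit.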
Revision as of 00:58, 15 May 2009
OWASP Podcast News
OWASP NEWS April 2009
OWASP General News
OWASP paid members reach 578 http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
Global Committees progress
https://www.owasp.org/index.php/Global_Committee_Pages
What should the next OWASP Top 10 contain? http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Upcoming Conferences
http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
OWASP AppSec News
- 4/0 Data Loss dB - http://preview.tinyurl.com/qxrbqm
- (5) Hacked websites that hit the news this month.
- 4/2 http://www.securitybalance.com/2009/04/mq-one-of-the-blind-spots/
- Augusto Paes de Barros from the Security Balance blog posts about message queue security
- 4/3 http://i8jesus.com/?p=37
- Arshan Dabirsiaghi posts on his blog about Browser scheme/slash quirks
- 4/7 http://michael-coates.blogspot.com/2009/04/ssl-whos-to-blame.html
- Michael Coates talks about SSL and who is to blame: websites, browsers, or users?
- 4/8 http://blog.portswigger.net/2009/04/using-burp-extender.html
- PortSwigger adds some interesting information about using the Burp Extender
- 4/9 http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html
- Michael Coates asks the question, "[which] universities out there are offering classes which address web application security?"
- 4/9 http://blogs.msdn.com/sdl/archive/2009/04/09/improving-security-with-url-rewriting.aspx
- Bryan Sullivan talks about improving web application security with URL Rewriting
- 4/12 http://aboulton.blogspot.com/2009/04/security-assessing-java-rmi-slides.html
- Adam Boulton's OWASP presentation on Security Assessing Java RMI has been made available on his blog
- 4/12 http://shiflett.org/blog/2009/apr/a-rev-canonical-http-header
- Chris Shiflett suggests #revcanonical HTTP Header
- 4/16 http://www.informit.com/articles/article.aspx?p=1338343
- http://www.cigital.com/justiceleague/2009/04/16/software-security-2008/ Gary McGraw uses statistics to show that Software Security has come of age
- 4/17 http://research.zscaler.com/2009/04/we-used-to-laugh-at-xss.html
- Michael Sutton discusses history of XSS from Defcon 10 (2002) to the present day (Twitter worm)
- 4/17 http://jeremiahgrossman.blogspot.com/2009/04/software-security-grew-to-nearly-500m.html
- Jeremiah uses McDonalds and Mortons as comparatives for black-box vs. white-box security testing
- 4/17 http://jeremiahgrossman.blogspot.com/2009/04/website-threats-and-their-capabilities.html
- OWASP Catalyst announced
- 4/20 http://paco.to/?p=305
- Paco lists 5 reasons for software certifications
- 4/20 http://www.greensheet.com/newswire.php?newswire_id=11693
- Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard(R) PCI Connect which is the industry's first Software-as-a-Service (SaaS) ecosystem for PCI compliance connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS
- 4/20 http://labs.securitycompass.com/index.php/2009/04/20/security-analysis-of-core-j2ee-design-patterns/
- Rohit Sethi of SecurityCompass posts a blog post on a new Security Compass Labs blog about "Security Analysis of Core Java Enterprise Patterns"
- 4/21 http://docs.google.com/Doc?id=dd7x5smw_16hdd34ggz
- Mario Heiderich posts some results of browser fuzzing on extraneous characters in tags
- 4/22 http://plynt.com/blog/2009/04/how-frequently-should-an-appli/
- The Plynt blog asks the question, "How frequently should Applications be Tested?"
- 4/24 http://www.owasp.org/index.php/Man_vs._Code
- Mike Boberski of the OWASP ASVS Project posts a wiki article about using Notepad++ to syntax highlight PHP code
- 4/25 http://shreeraj.blogspot.com/2009/04/web2proxy-beta-web-20-application-proxy.html
- Shreeraj Shah releases a new tool, Web2Proxy, which is a Web 2.0 Application Proxy, Profiling, and Fuzzing Tool
- 4/26 http://enablesecurity.com/2009/04/26/the-state-of-web-application-security-and-their-firewalls/
- Wendel Guglielmetti Henrique from Trustwave and Sandro Gauci of EnableSecurity spoke at TROOPERS09 in Munich about "The Truth of Web Application Firewalls: what the vendors do NOT want you to know"
- 4/27 http://tacticalwebappsec.blogspot.com/2009/04/scanner-and-waf-data-sharing.html
- Ryan Barnett gives guidance on how best to make VA+WAF work together
- 4/27 http://www.owasp.org/index.php/Category:OWASP_PCI_Project
- Ed Bellis and Trey Ford start a PCI effort to ensure their activities uniformly meet PCI requirements, and for those getting started - to aid in building a website security strategy that also ensures sustainable PCI compliance.