Difference between revisions of "OWASP Newsletter 2"
Two revisions by Dinis.cruz (talk | contribs) are compared: the earlier one edited the "OWASP Community" section, the later one the "Application Security News (from Owasp.org)" section. The later revision adds the following lines at line 84 (wikitext as added):

==== Application Security News (from Owasp.org) ====

[Dinis note: Although Marcus raises ]
; '''Jan 10 - [http://www2.csoonline.com/exclusives/column.html?CID=28072 Vulnerability Disclosure: The Good, the Bad and the Ugly]'''
:''More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?'', three good articles: [http://www2.csoonline.com/exclusives/column.html?CID=28071 Microsoft: Responsible Vulnerability Disclosure Protects Users], [http://www2.csoonline.com/exclusives/column.html?CID=28073 Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’], [http://www2.csoonline.com/exclusives/column.html?CID=28072 The Vulnerability Disclosure Game: Are We More Secure?] and [http://www.csoonline.com/read/010107/fea_vuln.html The Chilling Effect]
Revision as of 10:59, 16 January 2007
Using the same format as OWASP Newsletter 1, this is the page that will be used for the next newsletter.
OWASP News
- ORG (OWASP Report Generator) - New release of ORG Installer (1/15/2007)
- OWASP Live CD Beta Release - You can download it from http://www.packetfocus.com/hackos
Featured Projects: {TBD}
Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS
OWASP contributors from Aspect Security have developed two new Java EE filters to protect against common web attacks. Just add a few lines to your web.xml file and enjoy the protection.
- CSRF and Reflected XSS Filter for Java EE
- This filter adds a random token to forms and URLs that prevents an attacker from executing both CSRF and reflected XSS attacks.
- Adobe XSS Filter for Java EE
- This filter protects against the recent XSS attacks on PDF files. By using a redirect and an encrypted token, this filter ensures that dangerous attacks are not passed into the Adobe reader plugin.
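To make the "random token" mechanism of the first filter concrete, here is an added illustration in the same Java EE filter style. It is not the Aspect Security/OWASP filter described above: it only generates one unguessable token per session, exposes it to views so forms can carry it, and rejects state-changing requests that do not echo it back. The session/parameter name `csrfToken`, the package `org.example` and the web.xml wiring in the comment are assumptions made for the example.

```java
// Added illustration of a per-session CSRF token filter; NOT the OWASP/Aspect Security
// filter from the newsletter, only a minimal filter in the same spirit.
// Assumptions: javax.servlet 2.x API; the token lives in the HttpSession under
// "csrfToken" and comes back as a request parameter of the same name (both hypothetical).
//
// The "few lines" in web.xml that enable it (also hypothetical):
//   <filter>
//     <filter-name>CsrfTokenFilter</filter-name>
//     <filter-class>org.example.CsrfTokenFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>CsrfTokenFilter</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>
package org.example;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CsrfTokenFilter implements Filter {
    static final String TOKEN_NAME = "csrfToken";   // session attribute and form parameter name
    private final SecureRandom random = new SecureRandom();

    public void init(FilterConfig config) throws ServletException { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(true);

        // One unguessable token per session, created on first contact.
        String expected;
        synchronized (session) {
            expected = (String) session.getAttribute(TOKEN_NAME);
            if (expected == null) {
                expected = newToken();
                session.setAttribute(TOKEN_NAME, expected);
            }
        }

        // A form served by another site cannot know the token, so a state-changing
        // request that does not carry it is refused before it reaches the application.
        if (isStateChanging(request.getMethod())
                && !tokensMatch(expected, request.getParameter(TOKEN_NAME))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
            return;
        }

        // Expose the token so views can embed it, e.g. in a JSP:
        //   <input type="hidden" name="csrfToken" value="${csrfToken}">
        request.setAttribute(TOKEN_NAME, expected);
        chain.doFilter(req, res);
    }

    static boolean isStateChanging(String method) {
        return "POST".equalsIgnoreCase(method)
                || "PUT".equalsIgnoreCase(method)
                || "DELETE".equalsIgnoreCase(method);
    }

    // Constant-time comparison so response timing does not reveal how much of a guess matched.
    static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    private String newToken() {
        byte[] bytes = new byte[16];            // 128 bits from a CSPRNG
        random.nextBytes(bytes);
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}
```

Two caveats a deployer would want: this example checks only POST, PUT and DELETE, so any action the application performs on GET stays unprotected unless the token is also required on those URLs; and a token placed in a URL, as the newsletter's filter does for links, can leak through Referer headers and server logs, so a hidden form field is the safer carrier where a form is available.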
Latest Blog Entries
As posted in blogs.owasp.org
- from Eoin Keary blog
- OWASP Testing Guide v2.0, January 11th, 2007
- OWASP Code review Guide, January 3rd
- innerHTML and eval - Javascript/Ajax attacks - 101, January 3rd, 2007
- What Next for App Sec (Contd) - Gmail exploit, January 2nd, 2007
- OWASP Live CD, January 2nd, 2007
- What next for app Sec, January 2nd, 2007
- from Life of an OWASP Chapter Leader blog
- The OWASP Chapter Leader Handbook, January 6th, 2007 by
- PHP (in)security, December 15th
- Poll results of last year, December 15th
- So you want to become a chapter leader?, December 14th
- from On Security blog
- Good Development Leads to Good Security, January 9th, 2007
- from HTTP SOAP Pen Testing blog
- Pen Testing Web Services, December 13th
Latest additions to the WIKI
New pages
- OWASP Testing Project v2.0 - Review Guidelines - Support page for the OWASP Testing Project V2.0 review effort, where you will find more details on how to participate in this collaborative review process.
- Chapter Leader Handbook - Handbook for new and experienced chapter leaders on leading an active chapter community.
- OWASP WebScarab NG Project - Rogan details his work on the new version of WebScarab
- Phoenix/Tools - Good list of Web App Sec tools
- Eoin has been quite busy this week working on the new version of the OWASP Code Review Project:
- Logging issues
- Reviewing Code for Buffer Overruns and Overflows
- Reviewing Code for OS Injection
- Reviewing Code for Data Validation
- Reviewing Code for Logging Issues
- Reviewing The Secure Code Environment
- Chapters Assigned
- Just started: SQL Injection Cookbook template, SQL Injection Cookbook - Oracle, Preface, Reasons for using automated tools, Education and cultural change, Tool Deployment Model
Edited Pages
- OWASP_AppSec_Conference_Sponsors - for you if you want to sponsor one of the next OWASP conferences. Quote from page: "OWASP is accepting sponsorships for the 2007 OWASP Conferences. Financial sponsorship for a conference will help defray the non-profit OWASP Foundation's expenses to prepare for and hold this conference."
- Chapter updates: New Zealand, Denver, Washington DC
- Membership
- Securing tomcat
- Cross-Site Request Forgery
- Chapter Rules
- OWASP Autumn of Code 2006 - Projects: Web Goat
OWASP Community
- Feb 13 (18:00h) - Ireland chapter meeting
- Feb 6 (18:00h) - Melbourne chapter meeting
- Jan 31 (15:00h) - Mumbai chapter meeting
- Jan 30 (11:30h) - Austin chapter meeting
- Jan 25 (14:30h) - Italy@ISACA Rome
- Jan 23 (18:00h) - Belgium chapter meeting
- Jan 22 (18:00h) - Rochester chapter meeting
- Jan 17 (18:30h) - Denver chapter meeting
- Jan 16 (17:45h) - Edmonton chapter meeting
OWASP News Headlines (from owasp.org website)
Application Security News (from Owasp.org)
[Dinis note: Although Marcus raises ]
- Jan 10 - Vulnerability Disclosure: The Good, the Bad and the Ugly
- "More than a decade into the practice of vulnerability disclosure, where do we stand? Are we more secure? Or less?" Three good articles: Microsoft: Responsible Vulnerability Disclosure Protects Users; Schneier: Full Disclosure of Security Vulnerabilities a ’Damned Good Idea’; The Vulnerability Disclosure Game: Are We More Secure?; and The Chilling Effect