
Difference between revisions of "OWASP Newsletter 3"

From OWASP
(New Pages)
(OWASP Java Project)
Line 13: Line 13:
  
  
====OWASP Java Project====
+
==== OWASP Java Project====
 +
The [[:Category:OWASP Java Project]]'s goal is to enable Java and J2EE developers to build secure applications efficiently. See the OWASP Java Project Roadmap for more information on our plans.
 +
 
 +
Some links from [[OWASP Java Table of Contents]]:
 +
 
 
* [[How to perform HTML entity encoding in Java]] to prevent Cross Site Scripting attacks
 
* [[How to perform HTML entity encoding in Java]] to prevent Cross Site Scripting attacks
 
* [[JAAS Tomcat Login Module]] - an example of how to implement a time delayed JAAS login module in Tomcat
 
* [[JAAS Tomcat Login Module]] - an example of how to implement a time delayed JAAS login module in Tomcat
 
* [[Securing tomcat | Securing Apache Tomcat]] - a guide for deployers on how to secure Apache Tomcat
 
* [[Securing tomcat | Securing Apache Tomcat]] - a guide for deployers on how to secure Apache Tomcat
 
* [[Hashing Java| Hashing in Java]] - how to securely implement cryptographic hashing in Java
 
* [[Hashing Java| Hashing in Java]] - how to securely implement cryptographic hashing in Java
 +
* [[Java Security Resources]]
 +
* and [[How to add validation logic to HttpServletRequest]], [[Declarative Access Control in Java]], [[Protecting code archives with digital signatures]], [[JAAS Timed Login Module]]
 +
 +
 +
== OWASP Live CD Project ==
 +
 +
The  BETA Release of OWASP LiveCD ready for testing.
 +
 +
This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.
 +
 +
The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)
  
 
== Latest additions to the WIKI ==
 
== Latest additions to the WIKI ==
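Review bot: The added "== OWASP Live CD Project ==" heading is level 2, while the "==== OWASP Java Project====" entry it follows is level 4; use the same level for both so the two featured projects sit side by side in the page outline. In the added Live CD paragraphs, the text says "Beta Version 0.8" but the linked file is named AOC_Labrat-ALPHA-0008.iso, so state which release the link actually points to, and collapse "((800mb))" to single parentheses. The ISO is linked over plain http with no checksum, so readers have no way to verify the image they are about to boot; publishing a hash next to the link would address that.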

Revision as of 20:03, 22 January 2007

Using the same format as OWASP Newsletter 1 and OWASP Newsletter 2, this is the page that will be used for the next Newsletter.

OWASP News

{....}

OWASP Projects that need your help

Featured Projects:

OWASP Java Project

The Category:OWASP Java Project's goal is to enable Java and J2EE developers to build secure applications efficiently. See the OWASP Java Project Roadmap for more information on our plans.

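Some links from OWASP Java Table of Contents:

  • How to perform HTML entity encoding in Java to prevent Cross Site Scripting attacks
  • JAAS Tomcat Login Module - an example of how to implement a time delayed JAAS login module in Tomcat
  • Securing Apache Tomcat - a guide for deployers on how to secure Apache Tomcat
  • Hashing in Java - how to securely implement cryptographic hashing in Java
  • Java Security Resources
  • and How to add validation logic to HttpServletRequest, Declarative Access Control in Java, Protecting code archives with digital signatures, JAAS Timed Login Module
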
OWASP Live CD Project

The BETA release of the OWASP LiveCD is ready for testing.

This distro is Beta Version 0.8, named "LabRat", and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of the OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers, security admins, students, or anyone interested in computer security to perform work, training, or research. All you have to do is burn the .ISO to DVD or start it under VMware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.

The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) (800 MB). After you download it, just burn it to a DVD or use something like VMware Server to try it out. VMware is a free download now (www.vmware.com).

Latest additions to the WIKI

New Pages

Updated pages

OWASP Community


Application Security News

  • Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources', which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
  • Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.

OWASP references in the Media