Difference between revisions of "Template:OWASP News"

Line 3: Line 3:
 
: item
 
: item
 
-->
 
-->
 +
; '''Sep 7 - [https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf New PCI requires code review or WAF]'''
 +
: Under the new requirements, applications processing cardholder information MUST get either a [[:Category:OWASP Code Review Project|code review]] or a [[web app firewall]]. The language isn’t exactly clear about what happens in 2008. In addition, the OWASP [[Top Ten]] must still be addressed.
 +
 
; '''Aug 31 - [[OWASP Autumn Of Code 2006 : Press Release | OWASP Autumn Of Code 2006]]'''  
 
; '''Aug 31 - [[OWASP Autumn Of Code 2006 : Press Release | OWASP Autumn Of Code 2006]]'''  
 
: Today we are lauching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
 
: Today we are lauching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
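Review bot: In the added Sep 7 entry, the sentence "The language isn’t exactly clear about what happens in 2008" does not say which part of the linked PCI PDF it refers to or what is unclear; name the requirement and state the open question so readers can check it against the document. The entry also links [[web app firewall]] and [[Top Ten]] by bare title while the code review link uses the [[:Category:OWASP Code Review Project|code review]] form, so confirm both bare titles resolve to existing pages.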
Line 17: Line 20:
 
   * [[:Category:OWASP_SQLiX_Project|SQLiX]] - SQL injection scanner
 
   * [[:Category:OWASP_SQLiX_Project|SQLiX]] - SQL injection scanner
 
   * [[:Category:OWASP_Pantera_Web_Assessment_Studio_Project|Pantera]] - Web application analysis engine
 
   * [[:Category:OWASP_Pantera_Web_Assessment_Studio_Project|Pantera]] - Web application analysis engine
 
; '''Aug 14 - [http://www.iese.fraunhofer.de/download/Security-Checker-Tools-for-Web-Applications.pdf Detailed analysis of application security tools]'''
 
: Holger Peine of the Fraunhofer Institute compares a number of free tools (WebScarab, Paros, Burp Suite, Spike Proxy), and commercial tools (AppScan, WebInspect, Acunetix). The methodology is quite detailed and uses OWASP's WebGoat and a 'normal' web application.
 
 
; '''Aug 14 - [http://www.owasp.org/index.php/Image:Threat_modelling_of_pharming.doc When Phishing Evolves to Pharming]
 
: "Phishing is evolving into a new type of attack called pharming. Pharming redirects users to fraudulent websites seamlessly without any suspicious activity such as spam mail that asks a user to login at a website. This paper analyses possible vectors of pharming and creates a threat model for it with attack tree." OWASP would like to thank Cheong Kai Wee for the submission of this paper! [[:Category:OWASP_Papers|Click here]] for details on submitting your own paper to the [[:Category:OWASP_Papers|OWASP Papers Program]].
 
  
 
; [[OWASP News|Older news...]]
 
; [[OWASP News|Older news...]]

Revision as of 14:17, 7 September 2006

Sep 7 - New PCI requires code review or WAF
Under the new requirements, applications processing cardholder information MUST get either a code review or a web app firewall. The language isn’t exactly clear about what happens in 2008. In addition, the OWASP Top Ten must still be addressed.
Aug 31 - OWASP Autumn Of Code 2006
Today we are launching a new project called "OWASP Autumn of Code 2006" which will sponsor individuals to work on existing OWASP Projects.
Aug 31 - Dinis Cruz video interview
Dinis talks about .NET security, the future of OWASP, and the brand new Autumn of Code project.
Aug 31 - Article about OWASP in Banca Finanza magazine
Banca Finanza magazine has interviewed Raoul Chiesa about the new risks to online banking security. Raoul speaks about OWASP and web application security.
Aug 27 - New OWASP Projects
Check out these three new tool projects that are just starting, and join us in making them better.
 * LAPSE - J2EE static analysis tool
 * SQLiX - SQL injection scanner
 * Pantera - Web application analysis engine
Older news...