This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:OWASP News
From OWASP
- Aug 14 - Detailed analysis of application security tools
- Holger Peine of the Fraunhofer Institute compares a number of free tools (WebScarab, Paros, Burp Suite, Spike Proxy), and commercial tools (AppScan, WebInspect, Acunetix). The methodology is quite detailed and uses OWASP's WebGoat and a 'normal' web application.
- Aug 14 - When Phishing Evolves to Pharming
- "Phishing is evolving into a new type of attack called pharming. Pharming redirects users to fraudulent websites seamlessly without any suspicious activity such as spam mail that asks a user to login at a website. This paper analyses possible vectors of pharming and creates a threat model for it with attack tree." OWASP would like to thank Cheong Kai Wee for the submission of this paper! Click here for details on submitting your own paper to the OWASP Papers Program.
- Jul 31 - CAL9000 v1.1 released
- The in-browser JavaScript based web app testing framework has added enhanced encode/decode functions and several bugfixes.
- Jul 31 - Fortify donates vulnerability research to OWASP
- Announcing a new extensive classification of software security vulnerabilities created and donated by Fortify Software Inc. The full set of vulnerabilities and the research that accompanies it is available in the OWASP Honeycomb Project.
- Jul 11 - Two part interview on Ajax with OWASP's Andrew van der Stock
- In this two part interview, Andrew discusses the key security threats facing Ajax applications and practical advice for securing them. "I expect more Ajax vulnerabilities and exploits to surface, and I expect researchers to come up with additional "new" flaws that need to be protected against."
