OWASP Newsletter 10

Sent to owasp-all mailing list on ?? May 2007

OWASP Newsletter #10 (10-Jul-2007)

Welcome to the 10th OWASP Newsletter covering:

• The OWASP Moderated AppSec News Feed
• (Past) OWASP on the Move Events
• What's happening online at OWASP and in your chapters?
• OWASP references in the Media

Don't by shy to put YOUR stuff in the next OWASP Newsletter 11.

regards,

Sebastien Deleersnyder

Belgium/Luxemburg OWASP Chapter board member

Featured Item: The OWASP Moderated AppSec News Feed

This news feed is moderated by OWASP and will feature high-quality posts focused on application security that advance the field, provide useful insight, or are useful educational resources. The OWASP Moderated AppSec News Feed

(Past) OWASP on the Move Events

• In Turkey Dinis will talk about OWASP World (tools, documents, projects,etc..)
• In Belgium Ivan Ristic and Dinis Cruz came to the chapter meeting (sponsored by F5 Networks locally).

The OWASP on the Move page allows you to find:

• OWASP speakers to entertain OWASP presentations and that want to see the world
• Local chapters or application security events that want to attract an OWASP speaker
• OWASP sponsors that want to support spreading the OWASP message

Latest additions to the WIKI

• Cross-Site Request Forgery
• 7th OWASP AppSec Conference - San Jose 2007
• OWASP Code Review Guide Table of Contents
• First sweep of the code base
• Category:OWASP Web 2.0 Project
• Category:How To
• Java Server Faces
• OWASP Spring Of Code 2007 Project Management
• Resource Injection
• Repudiation Attack
• Top 10 2007-Injection Flaws
• Wiki sandbox
• IPhone
• WSS
• Category:OWASP .NET Project
• Template:Jobs Board
• Introduction
• DN BOFinder
• Category:OWASP Web Application Security Put Into Practice
• Cross Site Scripting
• CSRF Guard
• Top 10 2007-Cross Site Request Forgery
• Category:OWASP DirBuster Project
• Appendix A: Testing Tools
• OWASP Code Review Guide Table of Contents
• Top 10 2007-Insecure Cryptographic Storage
• Cryptography
• Top 10 2007-Broken Authentication and Session Management
• Avoiding SQL Injection
• Reviewing Code for SQL Injection
• Testing for SQL Injection
• Top 10 2007-Injection Flaws
• Guide to SQL Injection
• Top 10 2007-Cross Site Scripting
• Category:OWASP Cookies Database
• Category:OWASP CLASP Project
• Category:OWASP Oracle Project
• OWASP on the Move
• Reviewing Cryptographic Code
• Category:OWASP XML Security Gateway Evaluation Criteria Project Latest

Updated chapterpages

Updated chapter pages:

• Boston
• Turkey
• Denver
• Spain
• Phoenix/Tools
• Taiwan OWASP 2007
• Virginia (Northern Virginia)
• Houston
• Belgium
• Boulder
• NYNJMetro
• Toronto
• France
• Minneapolis St Paul

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

OWASP Community

OWASP and WASC have joined together to host a combined meetup at Blackhat USA 2007 in Las Vegas on Aug 1 from 8-9:30 at the Shadow Bar. Breach Security has stepped forward to sponsor the event. Please download the invite and RSVP. Come and join us for a drink and meet other like minded people from the industry. NOTE: Those who have already RSVPed need not to RSVP again.

OWASP references in the Media

• Random Thoughts On OWASP
• RSnake at Austin Chapter
• OWASP Risk Evaluation (and how a WIKI is great at correcting things on the fly)