This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Newsletter 3
From OWASP
Using the same format as used in OWASP Newsletter 1 and OWASP Newsletter 2 this is the page that will be used for the next Newsletter
OWASP News
{....}
OWASP Projects that need your help
- [Java Project]: Convert Mark Petrovic's article Discovering a Java Application's Security Requirements into the WIKI (contact Stephen de Vries if you are interrested)
- [.Net Project]: Add PDP GnuCitizen AttackAPI to OWASP Site Generator and convert the php files into ASP.NET
Featured Projects:
OWASP Java Project
- How to perform HTML entity encoding in Java to prevent Cross Site Scripting attacks
- JAAS Tomcat Login Module - an example of how to implement a time delayed JAAS login module in Tomcat
- Securing Apache Tomcat - a guide for deployers on how to secure Apache Tomcat
- Hashing in Java - how to securely implement cryptographic hashing in Java
Latest additions to the WIKI
New Pages
- PDF Attack Filter for Apache mod rewrite - PDF Attack Filter for Apache mod rewrite, served by Apache with mod_rewrite installed.
- Struts XSLT Viewer
- Reviewing code for XSS issues
- OWASP WebScarab NG Project Technical Info, if you want to know what is happening under the hood of the new version of OWASP WebScarab NG Project
- with some content Portuguese (new chapter), All clients can be reverse engineered, monitored, and modified, Native Methods, Long long ago..., Java applet code review
Updated pages
- OWASP student projects - Updated with new ideas for projects
- How OWASP Works - Updated information on OWASP's board current structure and future plans
- Phoenix/Tools
- San_Francisco
- With Minor updates: Bytecode obfuscation, Chapters Assigned, Category:OWASP Top Ten Project
OWASP Community
- Feb 15 (18:00h) - Seattle chapter meeting
- Feb 13 (18:00h) - Ireland chapter meeting
- Feb 6 (18:00h) - Melbourne chapter meeting
- Jan 31 (15:00h) - Mumbai chapter meeting
- Jan 30 (11:30h) - Austin chapter meeting
- Jan 25 (18:00h) - San Francisco chapter meeting
- Jan 25 (14:30h) - Italy@ISACA Rome
- Jan 24 (17:30h) - 6th OWASP Israel chapter meeting
- Jan 23 (18:00h) - Belgium chapter meeting
Application Security News
- Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
- Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.
- Hackers attack MoneyGram International server, breach personal info of 80,000 customers - A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.
- Also worth a read: A Rude Awakening , Making Security Rewarding Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software , Ajax Sniffer - Prrof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT
OWASP references in the Media
- Lock it down: Use the OWASP Top Ten to secure your Web applications -- Part 1, Builder.com, Jan 19, 2007