This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Newsletter 3

From OWASP
Revision as of 23:31, 22 January 2007 by Dinis.cruz (talk | contribs) (Latest Blog entries)

Jump to: navigation, search

will be Sent to owasp-all mailing list on 22th Jan 2007

OWASP Newsletter #3 – January 16th 2006 to January 22th 2007

Welcome to OWASP Newsletter #3. I would like start by asking you all to be a little bit more active with OWASP projects (note that ALL pages on the www.owasp.org website are WIKI pages which you can edit directly (all you need is an account which you can create in 1 minute)).

We need more feedback on our tools, more comments on our documents and more development in our projects (if you want to collaborate but are not sure how, drop me an email and I will channel your energies to a relevant active project). I added a new section to this newsletter called 'OWASP Projects that need your help' with the idea to give you a heads up on projects that need help (also if you are a project leader, please feel free to add your requests to the next version of the newsletter). Remember that OWASP is a Open Community that is made by its members (and the more you contribute the more you and your company will benefit).

I would like to give a big welcome to our new [[chapter from my home country Portugal, say that the latest Beta version of OWASP Live CD is now released and ready for your tests, and that projects like the OWASP Java Project (featured below) are producing amazing material but need more colaboration (and let's not even talk about the OWASP Java Project which I am supposed to developing and is currently going noware (with some noble exceptions (Mike and Boris thx))]].

If all goes as planned, next week we will be releasing the first 'Release Candidate' version of the OWASP Top 10 2007 document which we want you all to take a good look (the plan is to have a wide peer review process and only release the final version when it is ready)

As normal you can find below the links to the latest WIKI changes (with a new section for 'Interresting Discussion Threads' on our mailing lists)

And don't forget, if you want something to appear in the next version, please add it to OWASP Newsletter 4

Dinis Cruz Chief OWASP Evangelist London, UK


OWASP Projects that need your help

Featured Project: OWASP Java Project

The Category:OWASP Java Project's goal is to enable Java and J2EE developers to build secure applications efficiently. See the OWASP Java Project Roadmap for more information on our plans.

Some links from OWASP Java Table of Contents:

Featured Project: OWASP Live CD

The BETA Release of OWASP LiveCD ready for testing.

This distro is Beta Version 0.8 named "LabRat" and is part of the OWASP Autumn of Code sponsorship. The distro is focused on providing all of OWASP tools and documents on a bootable CD. The goal is to have a portable distro that can be used by professional penetration testers,security admins, Students, or anyone interested in computer security to perform work,training, or research. All you have to do is burn the .ISO to DVD or start under Vmware/Virtual PC and you will have a full Linux desktop environment loaded with OWASP tools and documents.

The distro can be downloaded from the PacketFocus website (http://packetfocus.com/hackos/AOC_Labrat-ALPHA-0008.iso) ((800mb)) After you download it just burn it to a DVD or use something like Vmware server to try it out. Vmware is a free download now (www.vmware.com)

Latest additions to the WIKI

New Pages

Updated pages

Latest Blog entries

Interresting Discussion Threads

OWASP Community

Application Security News

  • Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interresting data. Make sure you check out section '11) Top 3 web application security resources' which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )
  • Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.

OWASP references in the Media