This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:OWASP News
From OWASP
Jun 23 - Apparently XSS is not the result of insecure code, says Neosmart Security Analyst
- "The problem isn’t so much in the attack itself as much as it is in the usage of the term. XSS is not a real security vulnerability in a product or script since it does not directly result in the loss of data integrity, but rather can be used as a tool in social engineering attacks and can never compromise the security of a server/host under any conditions nor that of an end-user on its own. Sites with XSS “vulnerabilities” aren’t insecure." Perhaps Neosmart should review the effects of Cross Site Scripting in the OWASP Top Ten Project.
Jun 21 - OWASP WebScarab Ranked 35th on Insecure.org's Top 100 Security Tools
- Nmap's Fyodor asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed him to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. Respondents were allowed to list open source or commercial tools on any platform.
- Jun 20 - Professional pen testers rely on OWASP
- This new book is organized around the OWASP Top Ten, and goes into detail about WebScarab and WebGoat. "OWASP's WebScarab is rock solid and a must-have for any serious Web app pen tester"
- Jun 8 - New OWASP CAL9000 Project Unveiled
- Chris Loomis has created an interesting JavaScript driven web application testing tool that allows manual requests, RSnake powered XSS verification, and many other utilities.
- Jun 3 - How to test session identifier strength with WebScarab
- New article shows you how to use one of the advanced features of WebScarab!