This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Newsletter 2"
From OWASP
Dinis.cruz (talk | contribs) (→Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS) |
Dinis.cruz (talk | contribs) (→Latest additions to the WIKI) |
||
| Line 34: | Line 34: | ||
** [http://blogs.owasp.org/webservices/2006/12/13/hello-world/ Pen Testing Web Services], December 13th | ** [http://blogs.owasp.org/webservices/2006/12/13/hello-world/ Pen Testing Web Services], December 13th | ||
| − | ==== Latest additions to the WIKI ==== | + | ==== Latest additions to the WIKI - New Pages ==== |
| + | * [[Chapter Leader Handbook]] | ||
| + | * [[OWASP WebScarab NG Project]] | ||
| + | * Eoin has been quite busy this week working on the new version of the[[:Category: OWASP Code Review Project]] | ||
| + | ** [[Logging issues]] | ||
| + | ** [[Reviewing Code for Buffer Overruns and Overflows]] | ||
| + | ** [[Reviewing Code for OS Injection]] | ||
| + | ** [[Reviewing Code for Data Validation]] | ||
| + | ** [[Reviewing Code for Logging Issues]] | ||
| + | ** [[Reviewing The Secure Code Environment]] | ||
| + | ** just starting [[Preface]] , [[Reasons for using automated tools]],[[Education and cultural change]], [[Tool Deployment Model]] | ||
| + | * [[]] | ||
| + | * [[]] | ||
| + | * [[]] | ||
| + | * [[]] | ||
| + | * [[]] | ||
==== OWASP Community ==== | ==== OWASP Community ==== | ||
Revision as of 06:21, 15 January 2007
Using the same format as used in OWASP Newsletter 1 this is the page that will be used for the next Newsletter
OWASP News
Featured Projects: {TBD}
Featured Story: Two free Java EE filters for CSRF, Reflected XSS, and Adobe XSS
OWASP contributors from Aspect Security have developed two new Java EE filters to protect against common web attacks. Just add a few lines to your web.xml file and enjoy the protection.
- CSRF and Reflected XSS Filter for Java EE
- This filter adds a random token to forms and URLs that prevent an attacker from executing both CSRF and reflected XSS attacks.
- Adobe XSS Filter for Java EE
- This filter protects against the recent XSS attacks on PDF files. By using a redirect and an encrypted token, this filter ensures that dangerous attacks are not passed into the Adobe reader plugin.
Latest Blog Entries
As posted in blogs.owasp.org
- from Eoin Keary blog
- OWASP Testing Guide v2.0, January 11th, 2007
- OWASP Code review Guide, January 3rd
- innerHTML and eval - Javascript/Ajax attacks - 101, January 3rd, 2007
- What Next for App Sec (Contd) - Gmail exploit, January 2nd, 2007
- OWASP Live CD, January 2nd, 2007
- What next for app Sec, January 2nd, 2007
- from Life of an OWASP Chapter Leader blog
- The OWASP Chapter Leader Handbook, January 6th, 2007 by
- PHP (in)security, December 15th
- Poll results of last year, December 15th
- So you want to become a chapter leader?, December 14th
- from On Security blog
- Good Development Leads to Good Security, January 9th, 2007
- from HTTP SOAP Pen Testing blog
- Pen Testing Web Services, December 13th
Latest additions to the WIKI - New Pages
- Chapter Leader Handbook
- OWASP WebScarab NG Project
- Eoin has been quite busy this week working on the new version of theCategory: OWASP Code Review Project
- Logging issues
- Reviewing Code for Buffer Overruns and Overflows
- Reviewing Code for OS Injection
- Reviewing Code for Data Validation
- Reviewing Code for Logging Issues
- Reviewing The Secure Code Environment
- just starting Preface , Reasons for using automated tools,Education and cultural change, Tool Deployment Model
- [[]]
- [[]]
- [[]]
- [[]]
- [[]]
