OWASP Newsletter 9

Sent to owasp-all mailing list on ?? May 2007

OWASP Newsletter #9 (1-May-2007)

Welcome to the 9th OWASP Newsletter, tbd ...

If you have any content to add to the next edition, feel free to add it directly to its WIKI page (OWASP Newsletter 10).

Sebastien Deleersnyder

Belgium Chapter Leader

Featured Item: SpoC2007 Selections

To be filled in by Dinis

Featured Item: 6th AppSec Conference

The agenda for the 6th Application Security Conference May 15-17 in Milan has been set, the dinner location determined, and all the details are coming together. Please check out the updated details at: http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007.

Featured (non-OWASP) Project: Security Through Scrutiny: Java Open Review Project

A joint project from the Findbugs group and Fortify Software is examining open source components for security and quality defects. The project, accessible at http://opensource.fortifysoftware.com, allows participants to:

• submit projects to be scanned with Findbugs and Fortify Source Code Analysis suite
• help review potential defects through the online code review interface
• keep track of project defects as they are uncovered and fixed by the open source community
• receive tips on performing code reviews for security defects

The project is open to all Java open source projects and any person that wants to contribute, either through code reviews, project submissions, or project feedback. Current projects include: Tomcat, Jforums, Azureus, Nuxeo, Spring, Struts, select OWASP projects, and more!

People are encouraged to visit the site: http://opensource.fortifysoftware.com for more details or stop by the Fortify/Findbugs demo booth at JavaOne 2007. Project owners that are interested in being featured can email: openaudit <at> fortifysoftware <dot> com

Latest additions to the WIKI

New Pages

• tbd

Updated pages

Updated chapter pages:

• New York
• New Jersey
• NYNJMetro
• Helsinki‎
• Belgium
• Luxemburg
• Houston
• Switzerland

Other pages:

• Testing for XML Structural
• Man-in-the-middle attack
• Preventing LDAP Injection in Java
• Path Traversal‎
• Script in IMG tags
• Server-Side Includes (SSI) Injection
• 6th OWASP AppSec Conference - Italy 2007/Agenda
• OWASP News

New Documents & Presentations from chapters

• tbd

For a complete list of chapter presentations see the online table of presentations.

Latest Blog entries

• OWASP, Evangelism and Ounce
• HOWTO: Bastion XSSString
• Orizon v.0.10-b25
• Bastion contest
• Switching to Java6?
• Eu conf…

OWASP Community

New chapters: Boulder, ‎Calgary, Pune. The Belgium and Luxemburg chapter are combined into a new BeLux chapter.

Mar 30 - NYC and New Jersey OWASP Chapter Combine

• Over 500 Members combined - NY/NJ Metro

• June 12 (18:00hr) - NY/NJ Metro chapter meeting
• Jun 5 (18:00h) - Melbourne chapter meeting
• May 29 (9:00h) - [Italy@Firenze Tecnologia]
• May 21 (14:00h) - 2nd OWASP Israel mini conference
• May 15 (18:00h) - Rochester chapter meeting
• May 10 (18:00h) - Belgium chapter meeting
• May 9 (18:00h) - Toronto chapter meeting
• May 8 (18:00h) - Washington DC (N. VA) chapter meeting
• May 2 (18:30h) - Boston chapter meeting
• May 1 (18:00h) - Melbourne chapter meeting

Application Security News

• tbd

OWASP references in the Media

• tbd