Difference between revisions of "Podcast 2"
Line 14: | Line 14: | ||
Interview withStephen Craig Evans | Interview withStephen Craig Evans | ||
- OWASP Summer of Code project, "Securing WebGoat using ModSecurity" | - OWASP Summer of Code project, "Securing WebGoat using ModSecurity" | ||
+ | |||
+ | arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html | ||
+ | also looks like crazy news | ||
+ | running native code over the web | ||
+ | if your code passes a static analysis check | ||
+ | is the static analyzer using whitelist or blacklist rules? | ||
+ | bypass = arbitrary native code, by design | ||
+ | fukami had some interesting findings in bypassing binary analysis | ||
+ | (in flash, but still interesting) | ||
+ | http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html | ||
+ | thats big news | ||
+ | michael zalewski dumped core | ||
+ | |||
+ | |||
+ | Sent at 4:50 PM on Wednesday | ||
+ | jim: one sec, brb | ||
+ | |||
+ | |||
+ | Sent at 4:50 PM on Wednesday | ||
+ | jim: have you seed | ||
+ | https://www.owasp.org/index.php/Podcast_2 | ||
+ | seen... | ||
+ | edit it man | ||
+ | edit it | ||
+ | its crying to be edited | ||
+ | |||
+ | |||
+ | arshan: you want me to put my zings up there? | ||
+ | it will be lame - we don't even need nodes | ||
+ | notes* | ||
+ | imho | ||
+ | |||
+ | |||
+ | jim: please | ||
+ | |||
+ | |||
+ | arshan: why listen when you can read the notes | ||
+ | |||
+ | |||
+ | jim: bring on the magic arshan juice | ||
+ | dont hold back | ||
+ | |||
+ | |||
+ | arshan: makes it look so pre planned | ||
+ | |||
+ | |||
+ | jim: first, you need to goto owasp.org and press the "login" button in the upper right |
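Review bot: From the "arshan:" line to the end of the hunk, the added text is an unedited chat transcript placed under the "Interview withStephen Craig Evans" heading, including the "Sent at 4:50 PM on Wednesday" stamps and side remarks such as "one sec, brb" and "edit it man". Only the two googleonlinesecurity.blogspot.com links and the remarks about them relate to show content; suggest rewriting those as list items in the style of the existing "- OWASP Summer of Code project" entry and dropping the remaining chat lines before saving the revision.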
Revision as of 22:03, 17 December 2008
Recording December 20, 2008
Participants
- Stephen Craig Evans
- Jim Manico is a Web Application Architect and Security Instructor for Aspect Security.
OWASP News
- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model
- December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
- December 8, 2008 - 4 XSS flaws hit Facebook
Interview with Stephen Craig Evans
- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html
also looks like crazy news
running native code over the web
if your code passes a static analysis check
is the static analyzer using whitelist or blacklist rules?
bypass = arbitrary native code, by design
fukami had some interesting findings in bypassing binary analysis
(in flash, but still interesting)
http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html
thats big news
michael zalewski dumped core
Sent at 4:50 PM on Wednesday
jim: one sec, brb
Sent at 4:50 PM on Wednesday
jim: have you seed
https://www.owasp.org/index.php/Podcast_2
seen...
edit it man
edit it
its crying to be edited
arshan: you want me to put my zings up there?
it will be lame - we don't even need nodes
notes*
imho
jim: please
arshan: why listen when you can read the notes
jim: bring on the magic arshan juice
dont hold back
arshan: makes it look so pre planned
jim: first, you need to goto owasp.org and press the "login" button in the upper right