
Difference between revisions of "Podcast 2"

Line 15: Line 15:
 
  - OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
 
  - OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
  
arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html
+
- December, 2008 - [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web. Safe ActiveX? fukami has done some work bypassing binary analysis.]
also looks like crazy news
+
- December, 2008 - [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html Michael Zalewski, Googler, dumped core on his browser security knowledge]
running native code over the web
 
if your code passes a static analysis check
 
is the static analyzer using whitelist or blacklist rules?
 
bypass = arbitrary native code, by design
 
fukami had some interesting findings in bypassing binary analysis
 
(in flash, but still interesting)
 
http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html
 
thats big news
 
michael zalewski dumped core
 
 
 
 
 
Sent at 4:50 PM on Wednesday
 
jim: one sec, brb
 
 
 
 
 
Sent at 4:50 PM on Wednesday
 
jim: have you seed
 
https://www.owasp.org/index.php/Podcast_2
 
seen...
 
edit it man
 
edit it
 
its crying to be edited
 
 
 
 
 
arshan: you want me to put my zings up there?
 
it will be lame - we don't even need nodes
 
notes*
 
imho
 
 
 
 
 
jim: please
 
 
 
 
 
arshan: why listen when you can read the notes
 
 
 
 
 
jim: bring on the magic arshan juice
 
dont hold back
 
 
 
 
 
arshan: makes it look so pre planned
 
 
 
 
 
jim: first, you need to goto owasp.org and press the "login" button in the upper right
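Review bot: the first added bullet says "fukami has done some work bypassing binary analysis" but drops the qualifier the removed notes carried, "(in flash, but still interesting)", so it reads as if that work targeted Google's native code sandbox itself. Suggest keeping the scope in the link text, for example "fukami has done some work bypassing binary analysis (in Flash)". The removed notes also held the one substantive design question, "is the static analyzer using whitelist or blacklist rules?", together with the observation that a bypass means arbitrary native code by design; that is worth keeping as a talking point rather than losing it with the chat transcript. Both dated bullets are also appended after the Summer of Code item in the interview list, while the other dated entries sit under OWASP News.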
 

Revision as of 22:06, 17 December 2008

OWASP Podcast Series #2

Recording December 20, 2008

Participants

- Stephen Craig Evans
- Jim Manico is a Web Application Architect and Security Instructor for Aspect Security. 

OWASP News

- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model 
- December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
- December 8, 2008 - 4 XSS flaws hit Facebook

Interview with Stephen Craig Evans

- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
- December, 2008 - Google wants to run native code over the web. Safe ActiveX? fukami has done some work bypassing binary analysis.
- December, 2008 - Michael Zalewski, Googler, dumped core on his browser security knowledge