Difference between revisions of "Podcast 2"
Line 18: | Line 18: | ||
'''December 15, 2008''' - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model] | '''December 15, 2008''' - [http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html Breaking Google Gears' Cross-Origin Communication Model] | ||
− | |||
'''December 10, 2008''' - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution] and how the heck did this vuln [http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx slip through Microsoft's SDL?] | '''December 10, 2008''' - [http://www.microsoft.com/technet/security/advisory/961051.mspx Vulnerability in Internet Explorer Could Allow Remote Code Execution] and how the heck did this vuln [http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx slip through Microsoft's SDL?] | ||
− | |||
'''December 10, 2008''' - Michael Zalewski, Googler, dumped core on his [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html browser security knowledge.] | '''December 10, 2008''' - Michael Zalewski, Googler, dumped core on his [http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html browser security knowledge.] | ||
− | |||
'''December 9-11, 2008''' - [http://www.owasp.org/index.php/ESAPI_Summit The first OWASP ESAPI Summit] | '''December 9-11, 2008''' - [http://www.owasp.org/index.php/ESAPI_Summit The first OWASP ESAPI Summit] | ||
− | |||
'''December 8, 2008''' - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook] | '''December 8, 2008''' - [http://blogs.zdnet.com/security/?p=2308 4 XSS flaws hit Facebook] | ||
− | |||
'''December 8, 2008''' - Safe ActiveX? [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.] | '''December 8, 2008''' - Safe ActiveX? [http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html Google wants to run native code over the web.] | ||
− | |||
== Interview with Stephen Craig Evans == | == Interview with Stephen Craig Evans == |
Revision as of 22:53, 29 December 2008
Recorded December 20, 2008
- Listen Now owasp_podcast_2.mp3
"For PCI Compliance, it doesn't say that .. that your site has to be secure. It says you need to put in processes, and that you know, you have to act like you're trying..." - Stephen Craig Evans
Participants
- Stephen Craig Evans is an independent software security consultant based in southeast Asia.
- Jim Manico is a Web Application Architect and Security Engineer for Aspect Security.
OWASP News
December 16, 2008 - OWASP testing guide version 3 has been officially released
- The new testing guide is finally here! Give it to your developers, testers, and anyone else responsible for ensuring, through formal testing and observation, that an application's security is built to spec. It is also great for consultants who want to brush up on testing techniques for a variety of technologies. This Summer of Code 2008 Project was led by Matteo Meucci and the following contributors.
December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model
December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution and how the heck did this vuln slip through Microsoft's SDL?
December 10, 2008 - Michal Zalewski, Googler, dumped core on his browser security knowledge.
December 9-11, 2008 - The first OWASP ESAPI Summit
December 8, 2008 - 4 XSS flaws hit Facebook
December 8, 2008 - Safe ActiveX? Google wants to run native code over the web.
Interview with Stephen Craig Evans
- OWASP Summer of Code project, Securing WebGoat using ModSecurity
- OWASP Orizon Project
- Advice for those who want to contribute to an OWASP project
- Status of Web App Sec in the Asia/Pacific region