
Podcast 2

Revision as of 22:03, 17 December 2008 by Arshan (talk | contribs)


OWASP Podcast Series #2

Recording December 20, 2008


- Stephen Craig Evans
- Jim Manico is a Web Application Architect and Security Instructor for Aspect Security. 


- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model 
- December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution
- December 8, 2008 - 4 XSS flaws hit Facebook

Interview with Stephen Craig Evans

- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"

arshan: also looks like crazy news running native code over the web if your code passes a static analysis check
is the static analyzer using whitelist or blacklist rules?
bypass = arbitrary native code, by design
fukami had some interesting findings in bypassing binary analysis (in flash, but still interesting)
that's big news
michael zalewski dumped core

Sent at 4:50 PM on Wednesday

jim: one sec, brb

Sent at 4:50 PM on Wednesday

jim: have you seed seen... edit it man edit it it's crying to be edited

arshan: you want me to put my zings up there? it will be lame - we don't even need nodes notes* imho

jim: please

arshan: why listen when you can read the notes

jim: bring on the magic arshan juice don't hold back

arshan: makes it look so pre planned

jim: first, you need to goto and press the "login" button in the upper right