This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Podcast 2
Recording December 20, 2008
Participants
- Stephen Craig Evans - Jim Manico is a Web Application Architect and Security Instructor for Aspect Security.
OWASP News
- December 15, 2008 - Breaking Google Gears' Cross-Origin Communication Model - December 10, 2008 - Vulnerability in Internet Explorer Could Allow Remote Code Execution - December 8, 2008 - 4 XSS flaws hit Facebook
Interview withStephen Craig Evans
- OWASP Summer of Code project, "Securing WebGoat using ModSecurity"
arshan: http://googleonlinesecurity.blogspot.com/2008/12/native-client-technology-for-running.html also looks like crazy news running native code over the web if your code passes a static analysis check is the static analyzer using whitelist or blacklist rules? bypass = arbitrary native code, by design fukami had some interesting findings in bypassing binary analysis (in flash, but still interesting) http://googleonlinesecurity.blogspot.com/2008/12/announcing-browser-security-handbook.html thats big news michael zalewski dumped core
Sent at 4:50 PM on Wednesday
jim: one sec, brb
Sent at 4:50 PM on Wednesday
jim: have you seed
https://www.owasp.org/index.php/Podcast_2
seen...
edit it man
edit it
its crying to be edited
arshan: you want me to put my zings up there?
it will be lame - we don't even need nodes
notes*
imho
jim: please
arshan: why listen when you can read the notes
jim: bring on the magic arshan juice
dont hold back
arshan: makes it look so pre planned
jim: first, you need to goto owasp.org and press the "login" button in the upper right