This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Podcast News"

(OWASP AppSec News)
(removal of duplicates)
Line 22: Line 22:
 
;5/1 Mythbusting – Secure Code is Less Expensive to Develop http://jeremiahgrossman.blogspot.com/2009/05/mythbusting-secure-code-is-less.html
 
;5/1 Mythbusting – Secure Code is Less Expensive to Develop http://jeremiahgrossman.blogspot.com/2009/05/mythbusting-secure-code-is-less.html
 
;5/1 Getting started with the PHPIS Intrusion Detection System http://www.h-online.com/security/Getting-started-with-the-PHPIDS-intrusion-detection-system--/features/113163
 
;5/1 Getting started with the PHPIS Intrusion Detection System http://www.h-online.com/security/Getting-started-with-the-PHPIDS-intrusion-detection-system--/features/113163
;5/4 http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html
 
 
;5/4 http://feedproxy.google.com/~r/mcgovern/~3/k9BoNtavPxQ/conference-is-about-community.html
 
;5/4 http://feedproxy.google.com/~r/mcgovern/~3/k9BoNtavPxQ/conference-is-about-community.html
;5/5 http://coding-insecurity.blogspot.com/2009/05/protection-against-forceful-browsing.html
 
 
;5/5 http://nickcoblentz.blogspot.com/2009/05/light-weight-code-review-as-you-program.html
 
;5/5 http://nickcoblentz.blogspot.com/2009/05/light-weight-code-review-as-you-program.html
;5/16 Daily Dave and crew talk browser-based client side crypto http://seclists.org/dailydave/2009/q2/0093.html
+
 
 
;5/4 Using Denial of Service for Hacking http://ha.ckers.org/blog/20090504/using-denial-of-service-for-hacking/
 
;5/4 Using Denial of Service for Hacking http://ha.ckers.org/blog/20090504/using-denial-of-service-for-hacking/
 
;5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html http://nickcoblentz.blogspot.com/2009/05/struts-2-security-addons-code.html
 
;5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html http://nickcoblentz.blogspot.com/2009/05/struts-2-security-addons-code.html
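Review bot: the 5/1 entry kept as context still reads "PHPIS Intrusion Detection System" although its link path says PHPIDS; fix the title while the list is being tidied. The 5/4 feedproxy entry and the 5/5 light-weight-code-review entry also remain bare URLs with no title, unlike their neighbours, so a reader cannot tell what they point to without following the link.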
Line 40: Line 38:
 
;5/13 Effective Account Lockout http://coding-insecurity.blogspot.com/2009/05/effective-account-lockout.html
 
;5/13 Effective Account Lockout http://coding-insecurity.blogspot.com/2009/05/effective-account-lockout.html
 
;5/13 Sincerest Form of Flattery http://securitylabs.websense.com/content/Blogs/3397.aspx
 
;5/13 Sincerest Form of Flattery http://securitylabs.websense.com/content/Blogs/3397.aspx
 +
 +
 
;5/15 Does Tokenization Solve Anything? http://www.secureconsulting.net/2009/05/does_tokenization_solve_anythi.html
 
;5/15 Does Tokenization Solve Anything? http://www.secureconsulting.net/2009/05/does_tokenization_solve_anythi.html
 +
;5/16 Daily Dave and crew talk browser-based client side crypto http://seclists.org/dailydave/2009/q2/0093.html
 
;5/19 It’s No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions http://newschoolsecurity.com/2009/05/179/
 
;5/19 It’s No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions http://newschoolsecurity.com/2009/05/179/
 
;5/19 Some Thoughts on the OWASP Top Ten http://blog.ncircle.com/blogs/vert/archives/2009/05/some_thoughts_on_the_owasp_top.html
 
;5/19 Some Thoughts on the OWASP Top Ten http://blog.ncircle.com/blogs/vert/archives/2009/05/some_thoughts_on_the_owasp_top.html
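Review bot: the two empty added lines after the 5/13 "Sincerest Form of Flattery" entry leave a gap before the 5/15 entry and split the list in the rendered page; drop them. Re-adding the 5/16 Daily Dave entry between 5/15 and 5/19 is fine, since it puts the entry in date order.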

Revision as of 22:08, 11 June 2009

OWASP Podcast News

OWASP NEWS April 2009

OWASP General News


Global Committees progress https://www.owasp.org/index.php/Global_Committee_Pages
What should the next OWASP Top 10 contain? http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Upcoming Conferences http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
Season of Code 2009 http://www.owasp.org/index.php/OWASP_Season_of_Code_2009
Board Mins. http://www.owasp.org/index.php/OWASP_Board_Meetings

OWASP AppSec News

5/1 Mythbusting – Secure Code is Less Expensive to Develop http://jeremiahgrossman.blogspot.com/2009/05/mythbusting-secure-code-is-less.html
5/1 Getting started with the PHPIDS Intrusion Detection System http://www.h-online.com/security/Getting-started-with-the-PHPIDS-intrusion-detection-system--/features/113163
5/4 http://feedproxy.google.com/~r/mcgovern/~3/k9BoNtavPxQ/conference-is-about-community.html
5/5 http://nickcoblentz.blogspot.com/2009/05/light-weight-code-review-as-you-program.html
5/4 Using Denial of Service for Hacking http://ha.ckers.org/blog/20090504/using-denial-of-service-for-hacking/
5/4 OWASP ISWG: Struts 2/WebWork Gap Analysis http://nickcoblentz.blogspot.com/2009/05/owasp-iswg-struts-2webwork-gap-analysis.html http://nickcoblentz.blogspot.com/2009/05/struts-2-security-addons-code.html
5/4 Best Practice: Consider External Data Feeds Untrusted http://www.veracode.com/blog/2009/05/best-practice-consider-external-data-feeds-untrusted/
5/4 Protection against Forceful Browsing http://coding-insecurity.blogspot.com/2009/05/protection-against-forceful-browsing.html
5/5 Moth - A new release from the w3af project http://www.mail-archive.com/[email protected]/msg00369.html http://security-sh3ll.blogspot.com/2009/05/moth.html
5/5 Botnets took control of 12 million new IPs this year http://www.wired.com/threatlevel/2009/05/botnets-took-control-of-12-million-new-ips-this-year/
5/6 Enter Formjacking http://i8jesus.com/?p=48
5/8 8 Reasons Why Website Vulnerabilities Are Not Fixed http://jeremiahgrossman.blogspot.com/2009/05/8-reasons-why-website-vulnerabilities.html
5/8 SQL Injection Lessons from X-Force Emergency Response Service Investigations http://blogs.iss.net/archive/sql-injection-ers.html
5/12 Delay of FTC Red Flag Rule http://www.bankinfosecurity.com/articles.php?art_id=1457
5/13 Botnet is Captured and Studied http://gadgetwise.blogs.nytimes.com/2009/05/13/botnet-is-captured-and-studied-and-the-findings-arent-good/
5/13 Effective Account Lockout http://coding-insecurity.blogspot.com/2009/05/effective-account-lockout.html
5/13 Sincerest Form of Flattery http://securitylabs.websense.com/content/Blogs/3397.aspx


5/15 Does Tokenization Solve Anything? http://www.secureconsulting.net/2009/05/does_tokenization_solve_anythi.html
5/16 Daily Dave and crew talk browser-based client side crypto http://seclists.org/dailydave/2009/q2/0093.html
5/19 It’s No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions http://newschoolsecurity.com/2009/05/179/
5/19 Some Thoughts on the OWASP Top Ten http://blog.ncircle.com/blogs/vert/archives/2009/05/some_thoughts_on_the_owasp_top.html
5/19 Making Secure Code Easier http://blogs.msdn.com/sdl/archive/2009/05/19/making-secure-code-easier.aspx
5/19 Java deserialization issues http://blog.cr0.org/2009/05/write-once-own-everyone.html
5/20 Parameter Pollution http://www.h-online.com/security/New-type-of-attack-on-web-applications-Parameter-Pollution--/news/113333/from/rss
5/28 Don Ankney LayerOne XSS Presentation http://hackerco.de/2009/05/layerone-presentation-video.html
5/28 Logging in the Age of Web Services http://1raindrop.typepad.com/1_raindrop/2009/05/logging-in-the-age-of-web-services.html