|
|
| (48 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| − | <!-- | + | <!-- post news stories on [[OWASP News]] and they'll get picked up here soon --> |
| − | ; '''Mon ## - [[article]]'''
| |
| − | : item
| |
| − | --> | |
| | | | |
| − | '''Jun 23 - [http://neosmart.net/blog/archives/194 Apparently XSS is not the result of insecure code, says Neosmart Security Analyst]''' | + | ; '''Ju1 13 - [[OWASP Newsletter 10]]''' |
| − | :"The problem isn’t so much in the attack itself as much as it is in the usage of the term. XSS is not a real security vulnerability in a product or script since it does not directly result in the loss of data integrity, but rather can be used as a tool in social engineering attacks and can never compromise the security of a server/host under any conditions nor that of an end-user on its own. Sites with XSS “vulnerabilities” aren’t insecure." Perhaps Neosmart should review the effects of Cross Site Scripting in the [[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]. | + | : $28K available, OWASP Moderated AppSec News Feed, OWASP on the Move Events |
| | | | |
| − | '''Jun 21 - [http://sectools.org/tools2.html OWASP WebScarab Ranked 35th on Insecure.org's Top 100 Security Tools]''' | + | ; '''Jun 10 - [[OWASP Newsletter 9]]''' |
| − | :Nmap's Fyodor asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed him to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. Respondents were allowed to list open source or commercial tools on any platform. | + | : Top Ten 2007 FINAL!, More SPoC details, lots of pages updated |
| | | | |
| − | ; '''Jun 20 - [http://www.amazon.com/gp/product/0471789666/sr=8-1/qid=1150819640/002-1402412-9970431 Professional pen testers rely on OWASP]''' | + | ; '''Apr 17 - [[OWASP Newsletter 8]]''' |
| − | : [[Image:pentestbook.jpg|100px|right]] This new book is organized around the OWASP Top Ten, and goes into detail about WebScarab and WebGoat. "OWASP's WebScarab is rock solid and a must-have for any serious Web app pen tester" | + | : OWASP SpoC projects selected, new OWASP WeBecki tool, OWASP Code Review project, OWASP updates and much more |
| − | | |
| − | ; '''Jun 8 - [[:Category:OWASP CAL9000 Project|New OWASP CAL9000 Project Unveiled]]'''
| |
| − | : Chris Loomis has created an interesting JavaScript driven web application testing tool that allows manual requests, RSnake powered XSS verification, and many other utilities.
| |
| − | | |
| − | ; '''Jun 3 - [[How to test session identifier strength with WebScarab]]'''
| |
| − | : New article shows you how to use one of the advanced features of WebScarab!
| |
| | | | |
| | ; [[OWASP News|Older news...]] | | ; [[OWASP News|Older news...]] |
