OWASP Newsletter 13

OWASP Newsletter #13 (08-Feb-2008)
Welcome to the 13th edition of the OWASP Newsletter, featuring OWASP Books and the CSRFTester Project.

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 14.

Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org

Featured Item: OWASP Books Available
OWASP has 10 books that are available for free download or for purchase (prices range from $5.81 to $17.44). The books currently available are:


 * OWASP Clasp v1.2
 * OWASP Top 10
 * OWASP Top 10 - Testing - Legal
 * OWASP WebGoat and WebScarab
 * OWASP Code Review
 * OWASP Evaluation and Certification Criteria
 * OWASP Top 10 - Ruby on Rails version
 * OWASP SpoC 2007
 * OWASP World
 * OWASP Guide 2.0

If you would like to download or order, please go to Lulu!

OWASP Books are provided at cost, and OWASP is not making a profit.

Featured Project: CSRFTester
OWASP recently released the CSRFTester Project, which aims to give developers the ability to test their applications for CSRF flaws. Cross-Site Request Forgery (CSRF) is an attack that tricks a victim into loading a page that contains a malicious request, such as one that changes personal information or makes a purchase the victim is not aware of.

If you would like to download the latest OWASP CSRFTester 1.0 binary and startup script

If you would like to download the latest OWASP CSRFTester 1.0 source and binary

To learn more about this project, please visit the Project Home Page.

New Pages

 * OWASP Board Meetings
 * OWASP AppSec Europe 2008-Belgium/CFTP
 * Google Web Toolkit

Updated pages
Updated chapter pages:


 * Cleveland
 * Germany
 * Boulder
 * Boston
 * NYNJMetro
 * Pune
 * Taiwan
 * Minneapolis St Paul
 * Belgium
 * Toronto
 * Northern Virginia
 * Spain
 * Greece
 * Long Island
 * Washington DC

Other pages:


 * Front Range Web Application Security Summit Planning Page
 * OWASP NYC AppSec 2008
 * OWASP NYC Conference CFPFAQ
 * OWASP on the Move - Payments
 * OWASP Flash Security Project
 * OWASP Spring of Code 2007 - Projects
 * OWASP AppSec Europe 2008 - Belgium/CFTP
 * OWASP AJAX Security Project
 * Italy OWASP Day2
 * Sponsored Projects
 * OWASP Honeycomb Project

New Documents & Presentations from chapters
For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media

 * The top 10 reasons Web sites get hacked
 * OWASP DC Meeting in February
 * Static Analysis Slide Deck from OWASP San Antonio Online
 * Writing Secure Software
 * Final Call for Vendor Sponsorship
 * Free books from OWASP