OWASP Newsletter 15

OWASP Newsletter #15 (28-March-2008)
Welcome to the 15th edition of the OWASP Newsletter, featuring the OWASP NYC AppSec 2008 Conference, OWASP Week 2008, and the OWASP Guide 3.0 Development Resumes.

As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 16.

Alison McNamee - OWASP Operations Director - Tel: 301-575-0197 - eMail: Alison.mcnamee@owasp.org

Featured Item: OWASP NYC AppSec 2008 Conference
The OWASP NYC AppSec 2008 Conference will take place on October 7th-10th. The event will feature two days of multi-track seminars, Capture the Flag, two days of hands-on training and a vendor exhibit. The conference will be held in downtown New York City, with capacity for up to 1,000 attendees, so register early! Registration for training and attendees will open on April 1st, 2008. For full details on the event, to submit a talk, or for more information on sponsorship opportunities, click here.

Featured Item: OWASP Week 2008
Following the success of OWASP Day in 2007, this year we have decided to have the first ever OWASP Week! This will take place between March 30th and April 4th. To see what chapters are participating, please go to OWASP_Week_April_08.

Featured Project: OWASP Guide 3.0 Development Resumes
Andrew van der Stock, the OWASP Guide Project Lead, is calling for volunteers to re-factor the OWASP Guide to be solely about secure architecture and coding using ESAPI. This will help distinguish the Guide from our other major documents:


 * The Guide will become solely about coding securely using ESAPI with J2EE, .NET and PHP
 * The Code Review Guide is about reviewing web apps
 * The Testing Guide is about testing web apps

Andrew is looking for volunteers to take on individual chapters. There are 16 chapters, and each should take one person about a month to re-factor, followed by a few months for peer review, QA, diagrams, and final acceptance. The goal is to release the final OWASP Guide 3.0 at the OWASP US Conference in late 2008.

If you're interested, please join the owasp-guide mail list:

https://lists.owasp.org/mailman/listinfo/owasp-guide

Once you have joined, please post to the list with an introduction and a list of the chapters you're interested in taking on. If you've previously volunteered, please just say so and priority will be given to your chapter choices.

New Pages

 * OWASP_Backend_Security_Project_Tools
 * OWASP_OSG_Functional_Spec
 * .NET_Architect
 * .Net_Project_Wishlist
 * .NET_Project_ReOrg_Alpha
 * Germany/press
 * OWASP_Board_Meetings_3-6-08
 * Not-For-Profit_Status
 * OWASP_Request_for_Proposal_List
 * OWASP_Week_April_08
 * OWASP_Board_Meetings_March_Agenda
 * OWASP_Board_Meetings_2-7-08
 * Ajax_Frameworks
 * OWASP_Summer_0f_Code_2008_:_Selection_Assessment_SoC_08_Application_2
 * OWASP_Summer_0f_Code_2008_:_Selection_Assessment_SoC_08_Application_1
 * OWASP_Summer_0f_Code_2008_:_Selection_Assessment_Type

New Chapter Pages

 * Qatar
 * Spain/Meetings
 * Boulderchaptermeetings2008.html
 * Boulderchaptermeetings2007.html
 * Mexico City/es

Updated Pages

 * SpoC_007_-_OWASP_Site_Generator
 * OWASP Flash Security Project
 * OWASP_.Net_Project_Roadmap
 * OWASP_Summer_of_Code_2008_Applications_-_Proposal_Type
 * OWASP DirBuster Project
 * OWASP Backend Security Project
 * Testing_for_Cross_site_scripting
 * CSRF_Guard_2x_Roadmap
 * Talk:Declarative_Access_Control_in_Java
 * OWASP JBroFuzz
 * JSP JSTL
 * Preventing LDAP Injection in Java
 * Password length & complexity
 * OWASP Project Assessment
 * OWASP_NYC_AppSec_2008_Conference
 * OWASP Enterprise Security API
 * Italy_OWASP_Day_2
 * OWASP_Summer_of_Code_2008_Applications
 * Ajax_Literature_Review
 * OWASP_Grants
 * Reviews_of_security_podcasts
 * OWASP_Foundation
 * OWASP_Spring_Of_Code_2007_-_Payments
 * OWASP_Backend_Security_Project
 * Category_talk:OWASP_Testing_Project
 * OWASP_Summer_of_Code_2008_Press_Release
 * OWASP_Spring_Of_Code_2007_-_Projects
 * Web_Application_Firewall
 * OWASP_Summer_0f_Code_2008_:_Selection
 * OWASP Video
 * OWASP_Java_Table_of_Contents

Updated Chapter Pages

 * Boise
 * Belgium
 * Austin
 * London
 * Cleveland
 * Mexico City
 * Boulder
 * Virginia (Northern Virginia)
 * Denver
 * Memphis
 * Eugene
 * Chennai
 * Rochester
 * Turkey
 * Italy
 * Latvia
 * Helsinki
 * Minneapolis St Paul
 * Cincinnati
 * Suncoast
 * Sacramento
 * Buffalo
 * Spain
 * Columbus
 * Switzerland
 * Washington DC
 * NYNYMetro
 * Netherlands
 * Egypt

New Documents & Presentations from chapters

 * Robert Hansen's talk on Logic Attacks and Inefficiencies of Robotic Detection at MSP

For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media

 * Top 10 Reasons Web Sites get Hacked
 * Do Outsourcing Firms write secure code?
 * OWASP Talk PHP Code Analysis Real World Examples
 * OWASP Summer of Code
 * AntiSamy 1.1 is out!
 * Economics of Industry Certifications
 * Conference 2008 at NY
 * Web Testing and Reporting Best Practices
 * XSS and CSRF Attacks
 * Email Encryption
 * OWASP Australia 2008
 * Software Vendors and OWASP
 * February OWASP Top 10 - Exploits
 * Exposing ECM Security Vulnerabilities
 * Res timing file enumeration without javascript in ie7.0
 * FOSDEM
 * About OWASP
 * Why many popular websites are risky

Application Security News Feed

 * TBD