OWASP Newsletter 3

Using the same format as OWASP Newsletter 1 and OWASP Newsletter 2, this is the page that will be used for the next Newsletter

OWASP News
{....}

OWASP Projects that need your help

 * [Java Project]: Convert Mark Petrovic's article Discovering a Java Application's Security Requirements into the WIKI (contact Stephen de Vries if you are interested)
 * [.Net Project]: Add PDP GnuCitizen AttackAPI to OWASP Site Generator and convert the php files into ASP.NET

OWASP Java Project

 * How to perform HTML entity encoding in Java to prevent Cross Site Scripting attacks
 * JAAS Tomcat Login Module - an example of how to implement a time delayed JAAS login module in Tomcat
 * Securing Apache Tomcat - a guide for deployers on how to secure Apache Tomcat
 * Hashing in Java - how to securely implement cryptographic hashing in Java

Updated pages

 * OWASP student projects - Updated with new ideas for projects
 * How OWASP Works - Updated information on the current structure of OWASP's board and its future plans
 * OWASP WebScarab NG Project Technical Info - Technical info about the OWASP WebScarab NG Project

OWASP Community
{....}

OWASP News Headlines
{....}

Application Security News

 * Web Application Security Professionals Survey (Jan. 2007) - Jeremiah Grossman just released his survey with lots of very interesting data. Make sure you check out section '11) Top 3 web application security resources', which is a nice database of the most popular vulnerability assessment tools and knowledge resources (#1 was RSnake's Blog, and #2 was OWASP :) )


 * Don't take security advice from the devil you know! - He lies. Especially about security flaws. This article notes an increase in vulnerabilities found in open source packages and concludes that... "For the personal sites and the mom-and-pop stores that rely on the software, it certainly affects them," Martin said. "But larger companies likely aren't affected." Right.


 * Hackers attack MoneyGram International server, breach personal info of 80,000 customers - A MoneyGram International server has been breached, allowing cybercrooks access to the personal information of nearly 80,000 people. Hackers accessed the server through the web sometime last month, the money-transfer company said in a statement released on Friday.


 * Also worth a read: A Rude Awakening, Making Security Rewarding, Discovering a Java Application's Security Requirements, Security Startups Make Debut, Source Code Specialist Fortify to Buy Secure Software, Ajax Sniffer - Proof of concept, Decoding the Google Blacklist, Visual WebGui Announces The Dot.Net Answer To Google's GWT

OWASP references in the Media
{....}