Difference between revisions of "OWASP Newsletter 1"

 
Line 1: Line 1:
 
==== OWASP News – December 25th 2006 to December 31st 2006 ====
 
==== OWASP News – December 25th 2006 to December 31st 2006 ====
  
Happy Holidays from all of us at OWASP!
+
'''Happy Holidays from all of us at OWASP!'''
  
 
I would like to take a moment to welcome you all to our first edition of the OWASP weekly newsletter  and introduce myself. My name is Aaron Holmes and I have had the pleasure of maintaining the OWASP Autumn of Code 2006 Web Developer Project. It has been a rewarding and educational experience for myself, and I feel OWASP has benefited greatly by the many excellent projects which have been developed and advanced through the AoC 2006 program. With all this activity and excitement, we have decided that we should produce and distribute a weekly newsletter to keep everyone up to date on the direction of OWASP and our many great projects. We invite your feedback and news submissions which can be submitted to me directly by emailing aholmes@owasp.org. Enjoy!
 
I would like to take a moment to welcome you all to our first edition of the OWASP weekly newsletter  and introduce myself. My name is Aaron Holmes and I have had the pleasure of maintaining the OWASP Autumn of Code 2006 Web Developer Project. It has been a rewarding and educational experience for myself, and I feel OWASP has benefited greatly by the many excellent projects which have been developed and advanced through the AoC 2006 program. With all this activity and excitement, we have decided that we should produce and distribute a weekly newsletter to keep everyone up to date on the direction of OWASP and our many great projects. We invite your feedback and news submissions which can be submitted to me directly by emailing aholmes@owasp.org. Enjoy!
Line 24: Line 24:
 
==== Latest Releases / Features ====
 
==== Latest Releases / Features ====
  
Nov 26 - [http://www.owasp.org/index.php/OWASP_Report_Generator OWASP Report Generator 0.88] Released
+
'''Nov 26 - [http://www.owasp.org/index.php/OWASP_Report_Generator OWASP Report Generator 0.88] Released '''
 +
 
 
A tool for security consultants that supports the documentation and reporting of security vulnerabilities discovered during security.
 
A tool for security consultants that supports the documentation and reporting of security vulnerabilities discovered during security.
  
Nov 26 - [http://www.owasp.org/index.php/OWASP_Site_Generator OWASP Site Generator v.70] Released
+
'''Nov 26 - [http://www.owasp.org/index.php/OWASP_Site_Generator OWASP Site Generator v.70] Released'''
 +
 
 
A tool that allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) for testing application security tools.
 
A tool that allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) for testing application security tools.
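Review bot: the new Report Generator headline closes its bold markup after a trailing space ("Released '''"), while the Site Generator headline in the same hunk closes it directly ("Released'''"); drop the stray space so both headlines use the same markup. The unchanged Report Generator description also ends at "discovered during security.", which reads as a cut-off sentence and is worth completing in the same edit.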
  
Line 33: Line 35:
 
==== OWASP News Headlines ====
 
==== OWASP News Headlines ====
  
Nov 14 - [http://www.owasp.org/index.php/Category:OWASP_Project Three great new OWASP projects]
+
'''Nov 14 - [http://www.owasp.org/index.php/Category:OWASP_Project Three great new OWASP projects]'''
1) [http://www.owasp.org/index.php/Category:OWASP_Encoding_Project OWASP Encoding Project] A nice encoding library that supports Java, .NET, PHP, Python, Perl, JavaScript, and Ajax.  
+
 
2) [http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project OWASP WSFuzzer Project] A fuzzing tool for Web Services to support penetration testing efforts.  
+
* [http://www.owasp.org/index.php/Category:OWASP_Encoding_Project OWASP Encoding Project] A nice encoding library that supports Java, .NET, PHP, Python, Perl, JavaScript, and Ajax.  
3) [http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project OWASP Insecure Web App Project] A realistic but insecure Java EE web application for use in learning and testing tools.
+
 
 +
* [http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project OWASP WSFuzzer Project] A fuzzing tool for Web Services to support penetration testing efforts.  
 +
 
 +
* [http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project OWASP Insecure Web App Project] A realistic but insecure Java EE web application for use in learning and testing tools.
 +
 
 +
'''Nov 12 - [http://www.owasp.org/google/results.html New OWASP App Security Search Engine]'''
  
Nov 12 - [http://www.owasp.org/google/results.html New OWASP App Security Search Engine]
 
 
We're beta-testing a new Google-powered search engine for application security. The engine indexes the OWASP site and all the other sites dedicated to application security on the Internet.
 
We're beta-testing a new Google-powered search engine for application security. The engine indexes the OWASP site and all the other sites dedicated to application security on the Internet.
  
Nov 7 - [http://www.owasp.org/index.php/Special:Statistics OWASP Hits Two-Million Page Views]
+
'''Nov 7 - [http://www.owasp.org/index.php/Special:Statistics OWASP Hits Two-Million Page Views]'''
 +
 
 
Thank you all for your support! We serve approximately 1/2 million page views every month.
 
Thank you all for your support! We serve approximately 1/2 million page views every month.
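Review bot: the three new "*" items under the Nov 14 headline (Encoding, WSFuzzer, Insecure Web App) are separated by added blank lines, and MediaWiki ends a list at a blank line, so these render as three one-item lists instead of a single list. Put the three "*" lines on consecutive lines with no blank lines between them. The bold markup added to the Nov 14, Nov 12 and Nov 7 headlines is consistent with the earlier hunks.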

Revision as of 23:13, 25 December 2006


OWASP News – December 25th 2006 to December 31st 2006

Happy Holidays from all of us at OWASP!

I would like to take a moment to welcome you all to our first edition of the OWASP weekly newsletter and introduce myself. My name is Aaron Holmes and I have had the pleasure of maintaining the OWASP Autumn of Code 2006 Web Developer Project. It has been a rewarding and educational experience for myself, and I feel OWASP has benefited greatly by the many excellent projects which have been developed and advanced through the AoC 2006 program. With all this activity and excitement, we have decided that we should produce and distribute a weekly newsletter to keep everyone up to date on the direction of OWASP and our many great projects. We invite your feedback and news submissions which can be submitted to me directly by emailing aholmes@owasp.org. Enjoy!

As previously noted there has been an amazing amount of progress and work being finalized with the AoC 2006 winding down. We’ve seen new releases from both the OWASP Report Generator and the OWASP Site Generator Projects, having been made possible by the hard work of AoC 2006 participant Mike de Libero and project coordinator Dinis Cruz. Please see the progress page for a complete listing of new features and fixes as well as the main Report Generator and Site Generator project pages for complete project descriptions and resources.

Other projects seeing considerable development through the AoC 2006 program are Web Scarab (a web application security testing tool), Web Goat (online application security training environment), CAL9000 (a collection of web application security testing tools), Live CD (CD containing ready to use versions of application security analysis and testing tools), Pantera (Web Assessment Studio), Testing Guide (security testing procedures and guides), and the OWASP .NET Tools Project.

Phew, those are a lot of projects! In next week’s newsletter we will take a deeper look within a few of the aforementioned projects and explain how they can benefit you.

Until next week, happy coding!

Aaron M. Holmes, OWASP Weekly Newsletter Editor and Website Developer


Featured Project - OWASP WebScarab Project

WebScarab is a Java based framework for analysing applications that communicate using the HTTP and HTTPS protocols. WebScarab has several modes of operation that are activated through plugins. By default WebScarab operates as an intercepting proxy that allows the user to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.


Latest Releases / Features

Nov 26 - OWASP Report Generator 0.88 Released

A tool for security consultants that supports the documentation and reporting of security vulnerabilities discovered during security.

Nov 26 - OWASP Site Generator v.70 Released

A tool that allows the creation of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) for testing application security tools.


OWASP News Headlines

Nov 14 - Three great new OWASP projects

  • OWASP Encoding Project: A nice encoding library that supports Java, .NET, PHP, Python, Perl, JavaScript, and Ajax.

Nov 12 - New OWASP App Security Search Engine

We're beta-testing a new Google-powered search engine for application security. The engine indexes the OWASP site and all the other sites dedicated to application security on the Internet.

Nov 7 - OWASP Hits Two-Million Page Views

Thank you all for your support! We serve approximately 1/2 million page views every month.