Difference between revisions of "OWASP Newsletter 13"

From OWASP
(New page: == OWASP Newsletter #13 (xx-Feb-2008) == Welcome to the 13th edition of the OWASP Newsletter, featuring TBD and the TDB Project. Alison McNamee - OWASP Operations Director - Alison_mcna...)
 
m (Updated pages)
 
(16 intermediate revisions by one user not shown)
Line 1: Line 1:
==  OWASP Newsletter #13 (xx-Feb-2008) ==
+
==  OWASP Newsletter #13 (08-Feb-2008) ==
Welcome to the 13th edition of the OWASP Newsletter, featuring TBD and the TDB Project.
+
Welcome to the 13th edition of the OWASP Newsletter, featuring OWASP Books and the CSRFTester Project.
  
  
Alison McNamee - OWASP Operations Director - Alison_mcnamee@owasp.org
+
As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page [[OWASP Newsletter 14]].
  
  
== Featured Item: TBD==
+
Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org
  
 +
== Featured Item: OWASP Books Available==
  
== Featured Project: TBD ==
+
OWASP has 10 books that are available for free download, or to purchase (prices range from $5.81 - $17.44).  The current books available are:
  
 +
* OWASP Clasp v1.2
 +
* OWASP Top 10
 +
* OWASP Top 10 - Testing - Legal
 +
* OWASP WebGoat and WebScarab
 +
* OWASP Code Review
 +
* OWASP Evaluation and Certification Criteria
 +
* OWASP Top 10 - Ruby on Rails version
 +
* OWASP SpoC 2007
 +
* OWASP World
 +
* OWASP Guide 2.0
 +
 +
 +
If you would like to download or order, please go to [http://stores.lulu.com/owasp Lulu]!
 +
 +
 +
OWASP Books are provided at cost, and OWASP is not making a profit. 
 +
 +
 +
== Featured Project: CSRFTester ==
 +
 +
OWASP recently came out with the CSRFTester Project, which attempts to give developers the ability to test their applications for CSRF flaws.  Cross-Site Request Forgery (CSRF) is a program that tricks a victim into loading a page that contains a malicious request, such as changing personal information or purchasing something the victim is not aware of.
 +
 +
 +
If you would like to download the latest OWASP CSRFTester 1.0 binary and startup script [https://www.owasp.org/index.php/Image:CSRFTester-1.0.zip Click Here]
 +
 +
If you would like to download the latest OWASP CSRFTester 1.0 source and binary [https://www.owasp.org/index.php/Image:CSRFTester-1.0-src.zip Click Here]
 +
 +
 +
To learn more about this project, please visit the [http://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project Project Home Page].
  
 
== Latest additions to the WIKI ==
 
== Latest additions to the WIKI ==
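Review bot: The added CSRFTester paragraph defines Cross-Site Request Forgery as "a program that tricks a victim", but CSRF is an attack, not a program; the tool is CSRFTester. Suggest "Cross-Site Request Forgery (CSRF) is an attack that tricks a victim into loading a page that contains a malicious request". In the same hunk the two download links use the bare label "Click Here", and naming the artifact in the link text (binary and startup script, source and binary) would make them easier to tell apart. The contact address also changes from Alison_mcnamee@owasp.org to Alison.mcnamee@owasp.org, so it is worth confirming that the new form is the one that receives mail.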
Line 17: Line 47:
 
==== New Pages====
 
==== New Pages====
  
 +
* [http://www.owasp.org/index.php/OWASP_Board_Meetings OWASP Board Meetings]
 +
* [http://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium/CFTP OWASP AppSec Europe 2008-Belgium/CFTP]
 +
* [http://www.owasp.org/index.php/Google_Web_Toolkit Google Web Toolkit]
 +
* [http://www.owasp.org/index.php/NewBrunswick New Brunswick]
  
 
==== Updated pages====  
 
==== Updated pages====  
 
Updated chapter pages:
 
Updated chapter pages:
 +
 +
* [http://www.owasp.org/index.php/Sweden Sweden]
 +
* [http://www.owasp.org/index.php/Denver Denver]
 +
* [http://www.owasp.org/index.php/Cleveland Cleveland]
 +
* [http://www.owasp.org/index.php/Germany Germany]
 +
* [http://www.owasp.org/index.php/Boulder Boulder]
 +
* [http://www.owasp.org/index.php/Boston Boston]
 +
* [http://www.owasp.org/index.php/NYNJMetro NYNJMetro]
 +
* [http://www.owasp.org/index.php/Pune Pune]
 +
* [http://www.owasp.org/index.php/Taiwan Taiwan]
 +
* [http://www.owasp.org/index.php/Minneapolis_St_Paul Minneapolis St Paul]
 +
* [http://www.owasp.org/index.php/Belgium Belgium]
 +
* [http://www.owasp.org/index.php/Toronto Toronto]
 +
* [http://www.owasp.org/index.php/Virginia_%28Northern_Virginia%29 Northern Virginia]
 +
* [http://www.owasp.org/index.php/Spain Spain]
 +
* [http://www.owasp.org/index.php/Greece Greece]
 +
* [http://www.owasp.org/index.php/Long_Island Long Island]
 +
* [http://www.owasp.org/index.php/Washington_DC Washington DC]
 +
  
  
 
Other pages:
 
Other pages:
  
 +
* [http://www.owasp.org/index.php/OWASP_Australia_AppSec_2008_Conference/Agenda OWASP Australia AppSec 2008 Conference/Agenda]
 +
* [http://www.owasp.org/index.php/Front_Range_Web_Application_Security_Summit_Planning_Page Front Range Web Application Security Summit Plannng Page]
 +
* [http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference OWASP NYC AppSec 2008]
 +
* [http://www.owasp.org/index.php/CFPFAQ OWASP NYC Conference CFPFAQ]
 +
* [http://www.owasp.org/index.php/OWASP_on_the_Move_-_Payments OWASP on the Move - Payments]
 +
* [http://www.owasp.org/index.php/Category:OWASP_Flash_Security_Project OWASP Flash Security Project]
 +
* [http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_-_Projects OWASP Spring of Code 2007 - Projects]
 +
* [http://www.owasp.org/index.php/OWASP_AppSec_Europe_2008_-_Belgium/CFTP OWASP AppSec Europe 2008 - Belgium/CFTP]
 +
* [http://www.owasp.org/index.php/Category:OWASP_AJAX_Security_Project OWASP AJAX Security Project]
 +
* [http://www.owasp.org/index.php/Italy_OWASP_Day_2 Italy OWASP Day2]
 +
* [http://www.owasp.org/index.php/Sponsored_Projects Sponsored Projects]
 +
* [http://www.owasp.org/index.php/Category:OWASP_Honeycomb_Project OWASP Honeycomb Project]
  
 
==== New Documents & Presentations from chapters====  
 
==== New Documents & Presentations from chapters====  
 +
 +
* [https://www.owasp.org/images/5/53/Introduction_to_OWASP.pdf Introduction to OWASP]
  
 
For a complete list of chapter presentations see [[OWASP_Education_Presentation|the online table of presentations]].
 
For a complete list of chapter presentations see [[OWASP_Education_Presentation|the online table of presentations]].
 
  
 
== OWASP references in the Media==
 
== OWASP references in the Media==
 +
 +
* [http://ainsean.blogspot.com/2008/02/top-10-reasons-web-sites-get-hacked.html The top 10 reasons Web sites get hacked]
 +
* [http://onelittlewindow.org/blog/?p=37 OWASP DC Meeting in February]
 +
* [http://denimgroup.typepad.com/denim_group/2008/02/static-analysis.html Static Analysis Slide Deck from OWASP San Antonio Online]
 +
* [http://securesoftware.blogspot.com/2008/02/web-caches-and-security-problems-in-web.html Writing Secure Software]
 +
* [http://www.linkedin.com/answers/marketing-sales/advertising-promotion/events-marketing/MAR_ADP_EVM/166257-170718 Final Call for Vendor Sponsorship]
 +
* [http://spookerlabs.multiply.com/journal/item/167/Free_books_from_Open_Web_Application_Security_Project Free books from OWASP]
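Review bot: The link label "Front Range Web Application Security Summit Plannng Page" under "Other pages" is misspelled and should read "Planning Page". The OWASP_AppSec_Europe_2008_-_Belgium/CFTP link is also added twice in this hunk, once under "New Pages" and once under "Other pages" in the updated list; listing it in one place only would avoid the duplicate.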

Latest revision as of 11:23, 8 February 2008


OWASP Newsletter #13 (08-Feb-2008)

Welcome to the 13th edition of the OWASP Newsletter, featuring OWASP Books and the CSRFTester Project.


As always, if you have any content to add to the next edition, please feel free to add it directly to its WIKI page OWASP Newsletter 14.


Alison McNamee - OWASP Operations Director - Alison.mcnamee@owasp.org

Featured Item: OWASP Books Available

OWASP has 10 books that are available for free download, or to purchase (prices range from $5.81 - $17.44). The current books available are:

  • OWASP Clasp v1.2
  • OWASP Top 10
  • OWASP Top 10 - Testing - Legal
  • OWASP WebGoat and WebScarab
  • OWASP Code Review
  • OWASP Evaluation and Certification Criteria
  • OWASP Top 10 - Ruby on Rails version
  • OWASP SpoC 2007
  • OWASP World
  • OWASP Guide 2.0


If you would like to download or order, please go to Lulu!


OWASP Books are provided at cost, and OWASP is not making a profit.


Featured Project: CSRFTester

OWASP recently released the CSRFTester Project, which aims to give developers the ability to test their applications for CSRF flaws. Cross-Site Request Forgery (CSRF) is an attack that tricks a victim into loading a page that contains a malicious request, such as one that changes personal information or makes a purchase the victim is not aware of.


If you would like to download the latest OWASP CSRFTester 1.0 binary and startup script Click Here

If you would like to download the latest OWASP CSRFTester 1.0 source and binary Click Here


To learn more about this project, please visit the Project Home Page.

Latest additions to the WIKI

New Pages

Updated pages

Updated chapter pages:


Other pages:

New Documents & Presentations from chapters

For a complete list of chapter presentations see the online table of presentations.

OWASP references in the Media